CVE-2025-6779
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-11
Last updated on: 2025-11-24
Assigner: Axis Communications AB
Description
Description
An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install aΒ malicious ACAP application.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | From 12.0.0 (inc) to 12.6.40 (exc) |
| axis | a1210_\(-b\) | * |
| axis | a1214 | * |
| axis | a1601 | * |
| axis | a1610_\(-b\) | * |
| axis | a1710-b | * |
| axis | a1810-b | * |
| axis | a8207-ve_mk_ii | * |
| axis | c1110-e | * |
| axis | c1111-e | * |
| axis | c1210-e | * |
| axis | c1211-e | * |
| axis | c1310-e_mk_ii | * |
| axis | c1410_mk_ii | * |
| axis | c1510 | * |
| axis | c1511 | * |
| axis | c1610-ve | * |
| axis | c1710 | * |
| axis | c1720 | * |
| axis | c6110 | * |
| axis | c8110 | * |
| axis | c8210 | * |
| axis | d1110 | * |
| axis | d201-s_xpt_q6075 | * |
| axis | d2110-ve | * |
| axis | d2210-ve | * |
| axis | d3110_mk_ii | * |
| axis | d4100-ve_mk_ii | * |
| axis | d4200-ve | * |
| axis | d6310 | * |
| axis | excam_xf_q1785 | * |
| axis | excam_xpt_q6075 | * |
| axis | f9104-b_main_unit | * |
| axis | f9104-b_mk_ii_main_unit | * |
| axis | f9111-r_mk_ii_main_unit | * |
| axis | f9111_main_unit | * |
| axis | f9111_mk_ii_main_unit | * |
| axis | f9114-b-r_mk_ii_main_unit | * |
| axis | f9114-b_main_unit | * |
| axis | f9114-bt | * |
| axis | f9114_main_unit | * |
| axis | fa51 | * |
| axis | fa51-b | * |
| axis | fa54 | * |
| axis | i7010-safety | * |
| axis | i7010-ve | * |
| axis | i7020 | * |
| axis | i8016-lve | * |
| axis | i8116-e | * |
| axis | i8307-ve | * |
| axis | m1055-l | * |
| axis | m1075-l | * |
| axis | m1135 | * |
| axis | m1135-e_mk_ii | * |
| axis | m1137 | * |
| axis | m1137-e_mk_ii | * |
| axis | m2035-le | * |
| axis | m2036-le | * |
| axis | m3057-plr_mk_ii | * |
| axis | m3085-v | * |
| axis | m3086-v | * |
| axis | m3086-v_mic | * |
| axis | m3088-v | * |
| axis | m3125-lve | * |
| axis | m3126-lve | * |
| axis | m3128-lve | * |
| axis | m3215-lve | * |
| axis | m3216-lve | * |
| axis | m3905-r | * |
| axis | m4215-lv | * |
| axis | m4215-v | * |
| axis | m4216-lv | * |
| axis | m4216-v | * |
| axis | m4218-lv | * |
| axis | m4218-v | * |
| axis | m4225-lve | * |
| axis | m4227-lve | * |
| axis | m4228-lve | * |
| axis | m4308-ple | * |
| axis | m4317-plr | * |
| axis | m4317-plve | * |
| axis | m4318-plr | * |
| axis | m4318-plve | * |
| axis | m4327-p | * |
| axis | m4328-p | * |
| axis | m5000 | * |
| axis | m5000-g | * |
| axis | m5074 | * |
| axis | m5075 | * |
| axis | m5075-g | * |
| axis | m5526-e | * |
| axis | m7104 | * |
| axis | m7116 | * |
| axis | p1245_mk_ii | * |
| axis | p1265_mk_ii | * |
| axis | p1275_mk_ii | * |
| axis | p1385 | * |
| axis | p1385-b | * |
| axis | p1385-be | * |
| axis | p1385-e | * |
| axis | p1387 | * |
| axis | p1387-b | * |
| axis | p1387-be | * |
| axis | p1387-le | * |
| axis | p1388 | * |
| axis | p1388-b | * |
| axis | p1388-be | * |
| axis | p1388-le | * |
| axis | p1465-le | * |
| axis | p1465-le-3 | * |
| axis | p1467-le | * |
| axis | p1468-le | * |
| axis | p1468-xle | * |
| axis | p1475-le | * |
| axis | p1518-e | * |
| axis | p1518-le | * |
| axis | p3265-lv | * |
| axis | p3265-lve | * |
| axis | p3265-lve-3 | * |
| axis | p3265-v | * |
| axis | p3267-lv | * |
| axis | p3267-lve | * |
| axis | p3267-lve_mic | * |
| axis | p3268-lv | * |
| axis | p3268-lve | * |
| axis | p3268-slve | * |
| axis | p3275-lv | * |
| axis | p3275-lve | * |
| axis | p3277-lv | * |
| axis | p3277-lve | * |
| axis | p3278-lv | * |
| axis | p3278-lve | * |
| axis | p3285-lv | * |
| axis | p3285-lve | * |
| axis | p3287-lv | * |
| axis | p3287-lve | * |
| axis | p3288-lv | * |
| axis | p3288-lve | * |
| axis | p3735-ple | * |
| axis | p3737-ple | * |
| axis | p3738-ple | * |
| axis | p3747-plve | * |
| axis | p3748-plve | * |
| axis | p3818-pve | * |
| axis | p3827-pve | * |
| axis | p3905-r_mk_iii | * |
| axis | p3925-lre | * |
| axis | p3925-r | * |
| axis | p3935-lr | * |
| axis | p4705-plve | * |
| axis | p4707-plve | * |
| axis | p4708-plve | * |
| axis | p5654-e | * |
| axis | p5654-e_mk_ii | * |
| axis | p5655-e | * |
| axis | p5676-le | * |
| axis | p7304 | * |
| axis | p7316 | * |
| axis | p9117-pv | * |
| axis | q1615-le_mk_iii | * |
| axis | q1615_mk_iii | * |
| axis | q1656 | * |
| axis | q1656-b | * |
| axis | q1656-be | * |
| axis | q1656-ble | * |
| axis | q1656-dle | * |
| axis | q1656-le | * |
| axis | q1686-dle | * |
| axis | q1715 | * |
| axis | q1728 | * |
| axis | q1728-le | * |
| axis | q1798-le | * |
| axis | q1800-le | * |
| axis | q1800-le-3 | * |
| axis | q1805-le | * |
| axis | q1806-le | * |
| axis | q1808-le | * |
| axis | q1809-le | * |
| axis | q1961-te | * |
| axis | q1961-xte | * |
| axis | q1971-e | * |
| axis | q1972-e | * |
| axis | q2101-te | * |
| axis | q2111-e | * |
| axis | q2112-e | * |
| axis | q3536-lve | * |
| axis | q3538-lve | * |
| axis | q3538-slve | * |
| axis | q3546-lve | * |
| axis | q3548-lve | * |
| axis | q3556-lve | * |
| axis | q3558-lve | * |
| axis | q3626-ve | * |
| axis | q3628-ve | * |
| axis | q3819-pve | * |
| axis | q3839-pve | * |
| axis | q3839-spve | * |
| axis | q4809-pve | * |
| axis | q6020-e | * |
| axis | q6074 | * |
| axis | q6074-e | * |
| axis | q6075 | * |
| axis | q6075-e | * |
| axis | q6075-s | * |
| axis | q6075-se | * |
| axis | q6078-e | * |
| axis | q6135-le | * |
| axis | q6225-le | * |
| axis | q6300-e | * |
| axis | q6315-le | * |
| axis | q6318-le | * |
| axis | q6355-le | * |
| axis | q6358-le | * |
| axis | q8615-e | * |
| axis | q8752-e | * |
| axis | q8752-e_mk_ii | * |
| axis | q9307-lv | * |
| axis | s3008 | * |
| axis | s3008_mk_ii | * |
| axis | s3016 | * |
| axis | s4000 | * |
| axis | v5925 | * |
| axis | v5938 | * |
| axis | w100 | * |
| axis | w101 | * |
| axis | w102 | * |
| axis | w110 | * |
| axis | w120 | * |
| axis | w401 | * |
| axis | xc1311 | * |
| axis | xf40-q1785 | * |
| axis | xfq1656 | * |
| axis | xpq1785 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-732 | The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an ACAP configuration file with improper permissions that could allow command injection. It can potentially lead to privilege escalation if the Axis device is configured to allow the installation of unsigned ACAP applications and if an attacker convinces a user to install a malicious ACAP application.
How can this vulnerability impact me? :
The vulnerability can lead to command injection and privilege escalation on the affected Axis device, potentially allowing an attacker to gain higher privileges and execute unauthorized commands, which could compromise the device's security and functionality.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing any untrusted or unsigned ACAP applications to prevent exploitation.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70