CVE-2025-8108
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-24

Assigner: Axis Communications AB

Description
An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install aΒ malicious ACAP application.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-11-24
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8108
Affected Vendors & Products
Showing 233 associated CPEs
Vendor Product Version / Range
axis axis_os From 12.0.0 (inc) to 12.7.33 (exc)
axis a1210_\(-b\) *
axis a1214 *
axis a1601 *
axis a1610_\(-b\) *
axis a1710-b *
axis a1810-b *
axis a8207-ve_mk_ii *
axis c1110-e *
axis c1111-e *
axis c1210-e *
axis c1211-e *
axis c1310-e_mk_ii *
axis c1410_mk_ii *
axis c1510 *
axis c1511 *
axis c1610-ve *
axis c1710 *
axis c1720 *
axis c6110 *
axis c8110 *
axis c8210 *
axis d1110 *
axis d201-s_xpt_q6075 *
axis d2110-ve *
axis d2210-ve *
axis d3110_mk_ii *
axis d4100-ve_mk_ii *
axis d4200-ve *
axis d6310 *
axis excam_xf_q1785 *
axis excam_xpt_q6075 *
axis f9104-b_main_unit *
axis f9104-b_mk_ii_main_unit *
axis f9111-r_mk_ii_main_unit *
axis f9111_main_unit *
axis f9111_mk_ii_main_unit *
axis f9114-b-r_mk_ii_main_unit *
axis f9114-b_main_unit *
axis f9114-bt *
axis f9114_main_unit *
axis fa51 *
axis fa51-b *
axis fa54 *
axis i7010-safety *
axis i7010-ve *
axis i7020 *
axis i8016-lve *
axis i8116-e *
axis i8307-ve *
axis m1055-l *
axis m1075-l *
axis m1135 *
axis m1135-e_mk_ii *
axis m1137 *
axis m1137-e_mk_ii *
axis m2035-le *
axis m2036-le *
axis m3057-plr_mk_ii *
axis m3085-v *
axis m3086-v *
axis m3086-v_mic *
axis m3088-v *
axis m3125-lve *
axis m3126-lve *
axis m3128-lve *
axis m3215-lve *
axis m3216-lve *
axis m3905-r *
axis m4215-lv *
axis m4215-v *
axis m4216-lv *
axis m4216-v *
axis m4218-lv *
axis m4218-v *
axis m4225-lve *
axis m4227-lve *
axis m4228-lve *
axis m4308-ple *
axis m4317-plr *
axis m4317-plve *
axis m4318-plr *
axis m4318-plve *
axis m4327-p *
axis m4328-p *
axis m5000 *
axis m5000-g *
axis m5074 *
axis m5075 *
axis m5075-g *
axis m5526-e *
axis m7104 *
axis m7116 *
axis p1245_mk_ii *
axis p1265_mk_ii *
axis p1275_mk_ii *
axis p1385 *
axis p1385-b *
axis p1385-be *
axis p1385-e *
axis p1387 *
axis p1387-b *
axis p1387-be *
axis p1387-le *
axis p1388 *
axis p1388-b *
axis p1388-be *
axis p1388-le *
axis p1465-le *
axis p1465-le-3 *
axis p1467-le *
axis p1468-le *
axis p1468-xle *
axis p1475-le *
axis p1518-e *
axis p1518-le *
axis p3265-lv *
axis p3265-lve *
axis p3265-lve-3 *
axis p3265-v *
axis p3267-lv *
axis p3267-lve *
axis p3267-lve_mic *
axis p3268-lv *
axis p3268-lve *
axis p3268-slve *
axis p3275-lv *
axis p3275-lve *
axis p3277-lv *
axis p3277-lve *
axis p3278-lv *
axis p3278-lve *
axis p3285-lv *
axis p3285-lve *
axis p3287-lv *
axis p3287-lve *
axis p3288-lv *
axis p3288-lve *
axis p3735-ple *
axis p3737-ple *
axis p3738-ple *
axis p3747-plve *
axis p3748-plve *
axis p3818-pve *
axis p3827-pve *
axis p3905-r_mk_iii *
axis p3925-lre *
axis p3925-r *
axis p3935-lr *
axis p4705-plve *
axis p4707-plve *
axis p4708-plve *
axis p5654-e *
axis p5654-e_mk_ii *
axis p5655-e *
axis p5676-le *
axis p7304 *
axis p7316 *
axis p9117-pv *
axis q1615-le_mk_iii *
axis q1615_mk_iii *
axis q1656 *
axis q1656-b *
axis q1656-be *
axis q1656-ble *
axis q1656-dle *
axis q1656-le *
axis q1686-dle *
axis q1715 *
axis q1728 *
axis q1728-le *
axis q1798-le *
axis q1800-le *
axis q1800-le-3 *
axis q1805-le *
axis q1806-le *
axis q1808-le *
axis q1809-le *
axis q1961-te *
axis q1961-xte *
axis q1971-e *
axis q1972-e *
axis q2101-te *
axis q2111-e *
axis q2112-e *
axis q3536-lve *
axis q3538-lve *
axis q3538-slve *
axis q3546-lve *
axis q3548-lve *
axis q3556-lve *
axis q3558-lve *
axis q3626-ve *
axis q3628-ve *
axis q3819-pve *
axis q3839-pve *
axis q3839-spve *
axis q4809-pve *
axis q6020-e *
axis q6074 *
axis q6074-e *
axis q6075 *
axis q6075-e *
axis q6075-s *
axis q6075-se *
axis q6078-e *
axis q6135-le *
axis q6225-le *
axis q6300-e *
axis q6315-le *
axis q6318-le *
axis q6355-le *
axis q6358-le *
axis q8615-e *
axis q8752-e *
axis q8752-e_mk_ii *
axis q9307-lv *
axis s3008 *
axis s3008_mk_ii *
axis s3016 *
axis s4000 *
axis v5925 *
axis v5938 *
axis w100 *
axis w101 *
axis w102 *
axis w110 *
axis w120 *
axis w401 *
axis xc1311 *
axis xf40-q1785 *
axis xfq1656 *
axis xpq1785 *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-732 The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
CWE-1287 The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability involves an ACAP configuration file on an Axis device that has improper permissions and lacks input validation. It can lead to privilege escalation if the device is configured to allow installation of unsigned ACAP applications and if an attacker convinces a user to install a malicious ACAP application.

Impact Analysis

The vulnerability can lead to privilege escalation, meaning an attacker could gain higher-level access or control over the device than intended, potentially compromising confidentiality, integrity, and availability of the system.

Mitigation Strategies

To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing ACAP applications from untrusted sources to prevent potential privilege escalation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8108. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart