CVE-2025-8998
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-11-11

Last updated on: 2025-11-12

Assigner: Axis Communications AB

Description
It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- orΒ administrator-privileged service account.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-11-11
Last Modified
2025-11-12
Generated
2026-06-16
AI Q&A
2025-11-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8998
Affected Vendors & Products
Showing 6 associated CPEs
Vendor Product Version / Range
axis axis_os 10.12.306
axis axis_os 11.11.178
axis axis_os 8.40.90
axis axis_os 12.7
axis axis_os 9.80.124
axis axis_os 6.50
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-73 The product allows user input to control or influence paths or file names that are used in filesystem operations.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8998 is a vulnerability in AXIS OS versions 6.50 through 12.7 that allows authenticated users with operator or administrator privileges to upload files with specific names to a temporary directory. This can cause process crashes and impact the usability of the device. The issue is related to external control of file names or paths (CWE-73) and has a low severity score of 3.1. [1]

Impact Analysis

If exploited by an authenticated operator or administrator, this vulnerability can cause process crashes on the device, which may impact its usability. However, it does not affect confidentiality or integrity, only availability to a limited extent, and no public exploits are known. [1]

Detection Guidance

This vulnerability involves uploading files with specific names to a temporary directory by authenticated users with operator or administrator privileges. Detection would involve monitoring for such file uploads or attempts to upload files with suspicious or specific names to temporary directories on AXIS OS devices. However, no specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

To mitigate this vulnerability, update your AXIS OS devices to the latest patched versions provided by Axis, such as Active Track 12.7.27, LTS 2024 11.11.178, LTS 2022 10.12.306, LTS 2020 9.80.124, or former LTS versions 8.40.90 and 6.50.5.22 if still under software support. Follow your maintenance schedules to apply these updates. Additionally, restrict operator- or administrator-privileged accounts to trusted users only and monitor for unauthorized file uploads to temporary directories. Contact Axis Technical Support for further assistance if needed. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8998. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart