CVE-2025-0325Function Call with Incorrectly Specified Arguments in Communications AB Axis OS

CWE-628Function Call with Incorrectly Specified ArgumentsCWE-1287Improper Validation of Specified Type of Input3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 53.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Axis Communications AB Axis OS
Timeline
PublishedJun 2

Description

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

CVEListV5axis_communications_ab/axis_os6.50.06.50.5.21+5

🔴Vulnerability Details

2
CVEList
CVE-2025-0325: A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard2025-06-02
GHSA
GHSA-94x4-24w6-3frw: A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard2025-06-02
CVE-2025-0325 — Communications AB Axis OS vulnerability | cvebase