CVE-2025-0358
published 2025-06-02CVE-2025-0358: During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | axis_os | >= 12.0.0 < 12.4.0 | 12.4.0 |
| axis_communications_ab | axis_os | >= 12.0.0 < 12.4.0 | 12.4.0 |