CVE-2025-0358Improper Privilege Management in Communications AB Axis OS

CWE-269Improper Privilege Management3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 59.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Axis Communications AB Axis OSAxis OS
Timeline
PublishedJun 2

Description

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5axis_communications_ab/axis_os12.0.012.4.0
NVDaxis/axis_os12.0.012.4.0

🔴Vulnerability Details

2
CVEList
CVE-2025-0358: During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework tha2025-06-02
GHSA
GHSA-279c-7w72-mx63: During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework tha2025-06-02
CVE-2025-0358 — Improper Privilege Management | cvebase