CVE-2025-0360
published 2025-03-04CVE-2025-0360: During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | axis_os | >= 11.11.0 < 12.2.41 | 12.2.41 |
| axis | axis_os_2024 | < 11.11.135 | 11.11.135 |
| axis_communications_ab | axis_os | >= 11.11.0 < 11.11.135 | 11.11.135 |
| axis_communications_ab | axis_os | >= 12.0.0 < 12.2.41 | 12.2.41 |