CVE-2025-0361
published 2025-04-08CVE-2025-0361: During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | axis_os | >= 11.11.0 < 12.3.56 | 12.3.56 |
| axis | axis_os_2024 | < 11.11.141 | 11.11.141 |
| axis_communications_ab | axis_os | >= 11.11.0 < 11.11.141 | 11.11.141 |
| axis_communications_ab | axis_os | >= 12.0.0 < 12.3.56 | 12.3.56 |
| msrc | cbl2_vim_8.2.4233-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_vim_8.2.4281-1_on_cbl_mariner_1.0 | — | — |