CVE-2025-1056
Severity
6.5MEDIUM
EPSS
0.2%
top 59.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 23
Description
Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:HExploitability: 1.8 | Impact: 4.2
Affected Packages2 packages
🔴Vulnerability Details
2CVEList▶
CVE-2025-1056: Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using↗2025-04-23
GHSA▶
GHSA-2w8j-h6jx-gc5q: Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using↗2025-04-23
📋Vendor Advisories
1Microsoft▶
Out-of-bounds Read error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commi↗2022-03-08