CVE-2025-11142
published 2026-02-10CVE-2025-11142: The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | axis_os | >= 12.6.54 < 12.7.36 | 12.7.36 |
| axis_communications_ab | axis_os | 12.6.54 – 12.7.35 | — |