CVE-2025-12063

CWE-639 — Insecure Direct Object Reference3 documents3 sources

Severity

5.7MEDIUM

EPSS

0.0%

top 99.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Communications AB Axis Camera Station PRO Axis Camera Station PRO

Timeline

PublishedFeb 10

Description

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶NVDaxis/camera_station_pro< 6.14.10768

▶CVEListV5axis_communications_ab/axis_camera_station_pro6 — 6.14

🔴Vulnerability Details

CVEList

CVE-2025-12063: An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions↗2026-02-10

▶

GHSA

GHSA-qjgj-875g-mq5q: An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions↗2026-02-10

▶