CVE-2025-12063
published 2026-02-10CVE-2025-12063: An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
medium5.7CVSS 3.1
AVAACLPRLUINSUCNIHAN
An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | camera_station_pro | < 6.14.10768 | 6.14.10768 |
| axis_communications_ab | axis_camera_station_pro | >= 6 < 6.14 | 6.14 |