CVE-2025-13064
published 2026-02-10CVE-2025-13064: A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This…
medium4.5CVSS 3.1
AVAACLPRHUINSUCNINAH
A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| axis | camera_station_pro | < 6.14.10768 | 6.14.10768 |
| axis_communications_ab | axis_camera_station_pro | >= 6 < 6.14 | 6.14 |