CVE-2025-5452

CWE-2143 documents3 sources

Severity

6.6MEDIUM

EPSS

0.0%

top 88.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Communications AB Axis OS Axis Axis OS

Timeline

PublishedNov 11

Description

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.7 | Impact: 5.9

Affected Packages2 packages

▶NVDaxis/axis_os12.0.0 — 12.6.69

▶CVEListV5axis_communications_ab/axis_os12.0.0 — 12.6.69

🔴Vulnerability Details

GHSA

GHSA-5ww9-v6r8-v66v: A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential pri↗2025-11-11

▶

CVEList

CVE-2025-5452: A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential pri↗2025-11-11

▶