CVE-2025-5718

CWE-593 documents3 sources

Severity

6.8MEDIUM

EPSS

0.0%

top 84.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Communications AB Axis OS Axis Axis OS

Timeline

PublishedNov 11

Description

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDaxis/axis_os12.0.0 — 12.6.30

▶CVEListV5axis_communications_ab/axis_os12.0.0 — 12.6.30

🔴Vulnerability Details

CVEList

CVE-2025-5718: The ACAP Application framework could allow privilege escalation through a symlink attack↗2025-11-11

▶

GHSA

GHSA-mvpq-6rgj-x5xq: The ACAP Application framework could allow privilege escalation through a symlink attack↗2025-11-11

▶