CVE-2025-6779

CWE-732 — Incorrect Permission Assignment CWE-787 — Out-of-bounds Write4 documents4 sources

Severity

6.7MEDIUM

EPSS

0.0%

top 95.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Communications AB Axis OS Axis Axis OS

Timeline

PublishedNov 11

Description

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

▶NVDaxis/axis_os12.0.0 — 12.6.40

▶CVEListV5axis_communications_ab/axis_os12.0.0 — 12.6.40

🔴Vulnerability Details

CVEList

CVE-2025-6779: An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation↗2025-11-11

▶

GHSA

GHSA-33g9-x8rg-2pmj: An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation↗2025-11-11

▶

📋Vendor Advisories

Microsoft

Glibc: off-by-one heap-based buffer overflow in __vsyslog_internal()↗2024-01-09

▶