CVE-2025-8108Incorrect Permission Assignment in Communications AB Axis OS

CWE-732Incorrect Permission AssignmentCWE-1287Improper Validation of Specified Type of Input3 documents3 sources
Severity
6.7MEDIUMNVD
EPSS
0.0%
top 95.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Axis Communications AB Axis OSAxis OS
Timeline
PublishedNov 11

Description

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDaxis/axis_os12.0.012.7.33
CVEListV5axis_communications_ab/axis_os12.0.012.7.33

🔴Vulnerability Details

2
CVEList
CVE-2025-8108: An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation2025-11-11
GHSA
GHSA-g7h3-4rff-4p2h: An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation2025-11-11
CVE-2025-8108 — Incorrect Permission Assignment | cvebase