CVE-2025-8998External Control of File Name or Path in Communications AB Axis OS

CWE-73External Control of File Name or Path3 documents3 sources
Severity
3.1LOWNVD
EPSS
0.0%
top 89.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Axis Communications AB Axis OS
Timeline
PublishedNov 11

Description

It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 1.6 | Impact: 1.4

Affected Packages1 packages

CVEListV5axis_communications_ab/axis_os6.50.06.50.5.22+5

🔴Vulnerability Details

2
CVEList
CVE-2025-8998: It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability2025-11-11
GHSA
GHSA-j96f-82pq-xhgw: It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability2025-11-11
CVE-2025-8998 — External Control of File Name or Path | cvebase