CVE-2025-9055Execution with Unnecessary Privileges in Communications AB Axis OS

CWE-250Execution with Unnecessary Privileges3 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.0%
top 98.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Axis Communications AB Axis OS
Timeline
PublishedNov 11

Description

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 0.5 | Impact: 5.9

Affected Packages1 packages

CVEListV5axis_communications_ab/axis_os12.0.012.7.31

🔴Vulnerability Details

2
GHSA
GHSA-rfx4-qxj5-wp67: The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges2025-11-11
CVEList
CVE-2025-9055: The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges2025-11-11
CVE-2025-9055 — Execution with Unnecessary Privileges | cvebase