CVE-2025-0325

MEDIUM

Axis - DoS

Title source: llm

Description

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

References (1)

[Various Sources] https://www.axis.com/dam/public/d0/ae/fe/cve-2025-0325pdf-en-US-483808.pdf

Scores

CVSS v3 4.3

EPSS 0.0024

EPSS Percentile 46.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-1287 CWE-628

Status published

Products (6)

Axis Communications AB/AXIS OS 10.0.0 - 10.12.278

Axis Communications AB/AXIS OS 11.0.0 - 11.11.142

Axis Communications AB/AXIS OS 12.0.0 - 12.4.28

Axis Communications AB/AXIS OS 6.50.0 - 6.50.5.21

Axis Communications AB/AXIS OS 7.0.0 - 8.40.74

Axis Communications AB/AXIS OS 9.0.0 - 9.80.100

Published Jun 02, 2025

Tracked Since Feb 18, 2026