CVE-2025-0358

HIGH

Axis Communication - Privilege Escalation

Title source: llm

Description

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

References (1)

Core 1

Core References

Vendor Advisory

https://www.axis.com/dam/public/35/90/85/cve-2025-0358pdf-en-US-483809.pdf

Scores

CVSS v3 8.8

EPSS 0.0021

EPSS Percentile 11.6%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (1)

axis/axis_os 12.0.0 - 12.4.0

Published Jun 02, 2025

Tracked Since Feb 18, 2026