CVE-2025-1056

Medium CVSS: 6.1

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.
Axis has released a patched version for the highlighted flaw. Please
refer to the Axis security advisory for more information and solution.

Vendor

Axis

Product

Camera Station Pro

CWE

CWE-73

Yayın Tarihi

2025-04-23 06:15:46

Güncelleme

2026-01-14 17:41:50

Source Identifier

product-security@axis.com

KEV Date Added

Kategoriler

CWE-73 Camera Station Pro MEDIUM Axis 2025

Referanslar

https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf

Benzer Kayıtlar

Medium

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the…

Medium

CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are n…

Medium

CVE-2025-13064

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script w…

High

CVE-2025-11547

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

High

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio…

Medium

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privileg…