CVE-2025-11142

High CVSS: 7.1

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

Vendor

Axis

Product

Axis Os

CWE

CWE-78

Yayın Tarihi

2026-02-10 06:15:52

Güncelleme

2026-02-28 00:09:21

Source Identifier

product-security@axis.com

KEV Date Added

Kategoriler

CWE-78 Axis Os HIGH Axis 2026

Referanslar

https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf

Benzer Kayıtlar

Medium

CVE-2025-12063

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the…

Medium

CVE-2025-12757

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are n…

Medium

CVE-2025-13064

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script w…

High

CVE-2025-11547

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

Medium

CVE-2025-8108

An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privileg…

Medium

CVE-2025-5718

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be…