CVEFinder.io

CVE-2025-4645

🔶 medium
🔍 Scan for this CVE
Summary

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS Score
6.7
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2025-11-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.9% of all 321,566 vulnerabilities in our database.

#164,380
Below average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Nov 12, 2025
🔍 Exploitation Status
None
No known exploits
⚙️ Automatable
NO
Requires human interaction
💥 Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
Keanesec dcs
SSVC data provided by CISA
Last Modified 2025-11-24
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-1287

📦 Affected Products 1

Vendor Product Status Affected Versions
axis axis_os Affected
≥ 12.0.0 < 12.6.7

🔗 References 1

https://www.axis.com/dam/public/69/47/ff/cve-2025-46...
Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-0541 🔶 medium 6.7 0.0 ACAP applications can gain elevated privileges due to improper input validation during the installation process, potenti... 2026-05-12
CVE-2026-0802 🔶 medium 6.0 0.0 An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead ... 2026-05-12
CVE-2026-0804 🔶 medium 6.7 0.0 An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to pote... 2026-05-12
CVE-2026-1185 🔶 medium 5.4 0.1 A configuration file on the local file system had improper input validation which could allow code execution and potenti... 2026-05-12
CVE-2025-11142 ⚠️ high 7.1 0.1 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio... 2026-02-10
CVE-2025-5452 🔶 medium 6.6 0.1 A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applicat... 2025-11-11
These CVEs affect the same products