CVEFinder.io

CVE-2025-5452

Severity: medium
Summary

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS Score: 6.6 (Medium)
EPSS Score: 0.1 (Exploit Probability)
Published Date: 2025-11-11
First Seen: 2026-01-05

Relative Risk Intelligence

This CVE is Lower Risk - more severe than 48.1% of all 321,566 vulnerabilities in our database.

#166,929
Below average severity
Severity Percentile

CISA SSVC Assessment (Updated: Nov 12, 2025)
Exploitation Status: None (No known exploits)
Automatable: No (Requires human interaction)
Technical Impact: Total (Complete system compromise possible)
Discovered By: Keanesec
SSVC data provided by CISA
Last Modified 2025-11-24
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)

Affected Products 1

References 1

Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-0541 medium 6.7 0.0 ACAP applications can gain elevated privileges due to improper input validation during the installation process, potenti... 2026-05-12
CVE-2026-0802 medium 6.0 0.0 An ACAP configuration file lacked sufficient input validation, which could allow command injection and potentially lead ... 2026-05-12
CVE-2026-0804 medium 6.7 0.0 An ACAP configuration file lacked sufficient input validation, which could allow a path traversal attack leading to pote... 2026-05-12
CVE-2026-1185 medium 5.4 0.1 A configuration file on the local file system had improper input validation which could allow code execution and potenti... 2026-05-12
CVE-2025-11142 high 7.1 0.1 The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code executio... 2026-02-10
CVE-2025-4645 medium 6.7 0.0 An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vuln... 2025-11-11
These CVEs affect the same products