CVE-2025-5452
CVE-2025-5452 is a medium-severity vulnerability rated 6.6/10 on the CVSS scale. A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. EPSS estimates a 0.26% chance of exploitation in the next 30 days.
Description
A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
Metrics
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Axis | AXIS OS | >= 12.0.0, < 12.6.69 |
Timeline
- Status: Analyzed
Source: NVD / NIST
