We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-0325



Description

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

Reserved 2025-01-08 | Published 2025-06-02 | Updated 2025-06-02 | Assigner Axis


MEDIUM: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem types

CWE-1287: Improper Validation of Specified Type of Input

CWE-628: Function Call with Incorrectly Specified Arguments

Product status

Default status
unaffected

6.50.0 before 6.50.5.21
affected

7.0.0 before 8.40.74
affected

9.0.0 before 9.80.100
affected

10.0.0 before 10.12.278
affected

11.0.0 before 11.11.142
affected

12.0.0 before 12.4.28
affected

Credits

51l3nc3 finder

References

www.axis.com/...c/d0/ae/fe/cve-2025-0325pdf-en-US-483808.pdf

cve.org (CVE-2025-0325)

nvd.nist.gov (CVE-2025-0325)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-0325

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.