CVE-2025-1056 | THREATINT

Description

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

PUBLISHED Reserved 2025-02-05 | Published 2025-04-23 | Updated 2025-04-23 | Assigner Axis

MEDIUM: 6.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-73: External Control of File Name or Path

Product status

Default status

unaffected

6 (custom) before 6.8

affected

References

www.axis.com/...c/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf

cve.org (CVE-2025-1056)

nvd.nist.gov (CVE-2025-1056)

Download JSON