Skip to main content

Camera Station Pro CVE-2025-0926

MEDIUM
Incorrect Permission Assignment for Critical Resource (CWE-732)
2025-04-23 product-security@axis.com
5.9
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.9 MEDIUM
AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Mar 28, 2026 - 18:38 vuln.today
CVE Published
Apr 23, 2025 - 06:15 nvd
MEDIUM 5.9

DescriptionCVE.org

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

AnalysisAI

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when. Rated medium severity (CVSS 5.9), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. Affected products include: Axis Camera Station Pro.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2025-30026 CRITICAL
9.8 Jul 11

CVE-2025-30026 is a critical authentication bypass vulnerability in AXIS Camera Station Server that allows unauthenticat

CVE-2025-30023 CRITICAL
9.0 Jul 11

CVE-2025-30023 is a critical remote code execution vulnerability in a client-server communication protocol that allows a

CVE-2025-30025 HIGH
7.8 Jul 11

CVE-2025-30025 is a local privilege escalation vulnerability in the inter-process communication (IPC) protocol between a

CVE-2025-11547 HIGH
7.8 Feb 10

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. [CV

CVE-2025-1056 MEDIUM
6.1 Apr 23

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the

CVE-2025-12063 MEDIUM
5.7 Feb 10

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the

CVE-2025-12757 MEDIUM
4.6 Feb 10

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are n

CVE-2025-13064 MEDIUM
4.5 Feb 10

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script w

CVE-2025-7622 MEDIUM
5.1 Aug 12

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated

CVE-2024-7696 MEDIUM
6.3 Jan 07

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated mal

Share

CVE-2025-0926 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy