CVE-2025-1056
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Description
Gee-netics, a member of the AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.
Analysis
Rated medium severity (CVSS 6.1), this vulnerability has low attack complexity. No vendor patch available.
Technical Context
This vulnerability is classified under CWE-73. Affected products include: Axis Camera Station Pro.
Affected Products
Axis Camera Station Pro.
Remediation
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.