What is the CVSS score of CVE-2025-11142?

CVE-2025-11142 has a CVSS 3.1 base score of 7.1 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H. EPSS exploitation probability: 0.1%.

Which versions of Axis Os are affected by CVE-2025-11142?

CVE-2025-11142 affects Axis VAPIX API and allows authenticated users with operator or administrator privileges to execute arbitrary code on affected devices.

How to fix or mitigate CVE-2025-11142?

Within 24 hours: Inventory all Axis devices using VAPIX API and identify which have operator/administrator accounts enabled; restrict network access to mediaclip.cgi endpoints where possible. Within 7 days: Implement network segmentation to isolate affected Axis devices; conduct access reviews to minimize operator/administrator account usage; enable enhanced logging on these devices. Within 30 days: Consult Axis for patch availability and test in non-production environment; develop and execute a patching plan; consider replacing unsupported devices if patches remain unavailable.

Axis Os CVE-2025-11142

HIGH

OS Command Injection (CWE-78)

2026-02-10 product-security@axis.com

RCE Axis Os

7.1

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

CVE Published

Feb 10, 2026 - 06:15 nvd

HIGH 7.1

DescriptionNVD

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

AnalysisAI

Technical ContextAI

Classified as CWE-78 (OS Command Injection). Affects Axis Os. The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

RemediationAI

Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.

CVE-2025-11142 vulnerability details – vuln.today

Back