Skip to main content

Axis Os 2024 EUVDEUVD-2025-16622

| CVE-2025-0324 CRITICAL
Incomplete Filtering of Special Elements (CWE-791)
2025-06-02 product-security@axis.com
9.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.4 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
Low

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 05:56 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
11.11.140,12.3.33
EUVD ID Assigned
Mar 14, 2026 - 16:47 euvd
EUVD-2025-16622
Analysis Generated
Mar 14, 2026 - 16:47 vuln.today
CVE Published
Jun 02, 2025 - 08:15 nvd
CRITICAL 9.4

DescriptionCVE.org

The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

AnalysisAI

Privilege escalation in Axis VAPIX framework.

Technical ContextAI

CWE-791.

RemediationAI

Apply firmware update.

Share

EUVD-2025-16622 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy