Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L
Lifecycle Timeline
6DescriptionCVE.org
The VAPIX Device Configuration framework allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.
AnalysisAI
Privilege escalation in Axis VAPIX framework.
Technical ContextAI
CWE-791.
RemediationAI
Apply firmware update.
More in Axis Os 2024
View allDuring an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Appli
During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Devi
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-pri
51l3nc3, a member of the AXIS OS Bug Bounty Program, has found that the VAPIX API uploadoverlayimage.cgi did not have su
Girishunawane, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API dynamicoverlay.cgi did not have a
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficie
During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Dev
Same weakness CWE-791 – Incomplete Filtering of Special Elements
View allSame technique Privilege Escalation
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16622