PT-2025-23980 · Flir · Flir Ax8
Xu17 · Published 2025-06-05 · Updated 2025-06-08 · CVE-2025-5695
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
FLIR AX8 versions up to 1.46.16
Description
A critical vulnerability has been found in the FLIR AX8 Backend component, affecting the subscribe_to_spot, subscribe_to_delta, and subscribe_to_alarm functions in the /usr/www/application/models/subscriptions.php file. This issue leads to command injection and can be initiated remotely. The exploit has been publicly disclosed.
Recommendations
For FLIR AX8 versions up to 1.46.16, upgrade to version 1.55.16 to address this issue. As a temporary workaround, consider restricting access to the affected subscribe_to_spot, subscribe_to_delta, and subscribe_to_alarm functions in the /usr/www/application/models/subscriptions.php file until the upgrade is applied.
Exploit
Fix
Special Elements Injection
Command Injection
Related Identifiers
Affected Products
Flir Ax8