PT-2025-46304 · Axis Communications · Axis
Keanesec · Published 2025-11-11 · Updated 2025-11-24 · CVE-2025-5452
CVSS v3.1: 6.6 (Medium)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Axis (affected versions not specified)
Description
A malicious ACAP application can obtain admin-level service account credentials utilized by legitimate ACAP applications, potentially allowing for privilege escalation of the malicious ACAP application. This is possible if the Axis device permits the installation of unsigned ACAP applications and an attacker successfully convinces a user to install a malicious ACAP application.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
LPE
Affected Products
Axis