CVE-2025-5452

MEDIUM6.6

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application

Published Nov 11, 2025

Modified 1 months ago

No fix available

Details

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

References

WEBhttps://www.axis.com/dam/public/39/ba/8b/cve-2025-5452pdf-en-US-504212.pdf ADVISORYhttps://www.cve.org/CVERecord?id=CVE-2025-5452

CVSS Analysis

CVSS v3.1

6.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

6.6/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-214

Ecosystems

Timeline

PublishedNov 11, 2025

ModifiedDec 11, 2025