CVE-2025-5452

MEDIUM6.6

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application

Published Nov 11, 2025

Modified 6 days ago

Details

A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

References

WEB

https://www.axis.com/dam/public/39/ba/8b/cve-2025-5452pdf-en-US-504212.pdf

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2025-5452

CVSS Analysis

CVSS v3.1

6.6

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

HighAC:H

Privileges Required

HighPR:H

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

HighC:H

Integrity

HighI:H

Availability

HighA:H

6.6/CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

Other

CWE-214

Ecosystems

Timeline

PublishedNov 11, 2025

ModifiedFeb 26, 2026