CVE-2025-9524_CVE-2025-9524

4.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Description

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.

Basic Information

ID CVE-2025-9524

Source Axis

Published Nov 11, 2025 at 07:25

Modified Nov 11, 2025 at 07:33

Affected Product

Vendor Axis Communications AB

Product AXIS OS

Version 6.50.0

Affected Versions Axis Communications AB AXIS OS 6.50.0
Axis Communications AB AXIS OS 7.0.0
Axis Communications AB AXIS OS 9.0.0
Axis Communications AB AXIS OS 10.0.0
Axis Communications AB AXIS OS 11.0.0
Axis Communications AB AXIS OS 12.0.0

CWE Classification

CWE-1287

References

www.axis.com /dam/public/f1/f0/1e/cve-2025-9524pdf-en-US-504220.pdf

{
    "lastseen": "",
    "description": "The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.",
    "published": "2025-11-11T07:25:45.754Z",
    "modified": "2025-11-11T07:33:54.758Z",
    "type": "cve",
    "title": "CVE-2025-9524",
    "source": "Axis",
    "references": "https://www.axis.com/dam/public/f1/f0/1e/cve-2025-9524pdf-en-US-504220.pdf",
    "id": "CVE-2025-9524",
    "bulletinFamily": "",
    "cwe": [
        "CWE-1287"
    ],
    "cvelist": null,
    "sourceData": "Axis Communications AB AXIS OS 6.50.0\nAxis Communications AB AXIS OS 7.0.0\nAxis Communications AB AXIS OS 9.0.0\nAxis Communications AB AXIS OS 10.0.0\nAxis Communications AB AXIS OS 11.0.0\nAxis Communications AB AXIS OS 12.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "AXIS OS",
    "version": "6.50.0",
    "vendor": "Axis Communications AB",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}