CVE-2025-13064

MEDIUM EPSS 13.3%

Published Feb 10, 20264mo ago · Modified Jun 17, 20261w ago

4.5 CVSS 3.1

Medium

Published Feb 10, 2026 4mo ago

Last Modified Jun 17, 2026 1w ago

Description

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.

CVSS Details

Base Score

4.5

Exploitability

0.9

Impact

3.6

Vector string

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Attack Vector Adjacent

Attack Complexity Low

Privileges Required High

User Interaction None

Scope Unchanged

Confidentiality None

Integrity None

Availability High

Threat Intelligence

EPSS Exploit Probability

13.3% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Weaknesses 1

CWE-248

Affected Products 1

Vendor	Product	Version	Range
axis	camera_station_pro	*	<6.14.10768

References 1

axis.com https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pdf-en-US-519290.pdf

Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.