CVE-2025-5718

MEDIUM EPSS 21.9%
Published Nov 11, 20257mo ago · Modified Jun 17, 20261w ago
6.8 CVSS 3.1
Medium
Find Similar
Published Nov 11, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago

Description

The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS Details

Base Score
6.8
Exploitability
0.9
Impact
5.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity High
Availability High

Threat Intelligence

EPSS Exploit Probability
21.9% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-59

Affected Products 233

VendorProductVersionRange
axisaxis_os*≥12.0.0  –  <12.6.30
axisa1210_\(-b\)*any
axisa1214*any
axisa1601*any
axisa1610_\(-b\)*any
axisa1710-b*any
axisa1810-b*any
axisa8207-ve_mk_ii*any
axisc1110-e*any
axisc1111-e*any
axisc1210-e*any
axisc1211-e*any
axisc1310-e_mk_ii*any
axisc1410_mk_ii*any
axisc1510*any
axisc1511*any
axisc1610-ve*any
axisc1710*any
axisc1720*any
axisc6110*any
axisc8110*any
axisc8210*any
axisd1110*any
axisd201-s_xpt_q6075*any
axisd2110-ve*any
axisd2210-ve*any
axisd3110_mk_ii*any
axisd4100-ve_mk_ii*any
axisd4200-ve*any
axisd6310*any
axisexcam_xf_q1785*any
axisexcam_xpt_q6075*any
axisf9104-b_main_unit*any
axisf9104-b_mk_ii_main_unit*any
axisf9111-r_mk_ii_main_unit*any
axisf9111_main_unit*any
axisf9111_mk_ii_main_unit*any
axisf9114-b-r_mk_ii_main_unit*any
axisf9114-b_main_unit*any
axisf9114-bt*any
axisf9114_main_unit*any
axisfa51*any
axisfa51-b*any
axisfa54*any
axisi7010-safety*any
axisi7010-ve*any
axisi7020*any
axisi8016-lve*any
axisi8116-e*any
axisi8307-ve*any
axism1055-l*any
axism1075-l*any
axism1135*any
axism1135-e_mk_ii*any
axism1137*any
axism1137-e_mk_ii*any
axism2035-le*any
axism2036-le*any
axism3057-plr_mk_ii*any
axism3085-v*any
axism3086-v*any
axism3086-v_mic*any
axism3088-v*any
axism3125-lve*any
axism3126-lve*any
axism3128-lve*any
axism3215-lve*any
axism3216-lve*any
axism3905-r*any
axism4215-lv*any
axism4215-v*any
axism4216-lv*any
axism4216-v*any
axism4218-lv*any
axism4218-v*any
axism4225-lve*any
axism4227-lve*any
axism4228-lve*any
axism4308-ple*any
axism4317-plr*any
axism4317-plve*any
axism4318-plr*any
axism4318-plve*any
axism4327-p*any
axism4328-p*any
axism5000*any
axism5000-g*any
axism5074*any
axism5075*any
axism5075-g*any
axism5526-e*any
axism7104*any
axism7116*any
axisp1245_mk_ii*any
axisp1265_mk_ii*any
axisp1275_mk_ii*any
axisp1385*any
axisp1385-b*any
axisp1385-be*any
axisp1385-e*any
axisp1387*any
axisp1387-b*any
axisp1387-be*any
axisp1387-le*any
axisp1388*any
axisp1388-b*any
axisp1388-be*any
axisp1388-le*any
axisp1465-le*any
axisp1465-le-3*any
axisp1467-le*any
axisp1468-le*any
axisp1468-xle*any
axisp1475-le*any
axisp1518-e*any
axisp1518-le*any
axisp3265-lv*any
axisp3265-lve*any
axisp3265-lve-3*any
axisp3265-v*any
axisp3267-lv*any
axisp3267-lve*any
axisp3267-lve_mic*any
axisp3268-lv*any
axisp3268-lve*any
axisp3268-slve*any
axisp3275-lv*any
axisp3275-lve*any
axisp3277-lv*any
axisp3277-lve*any
axisp3278-lv*any
axisp3278-lve*any
axisp3285-lv*any
axisp3285-lve*any
axisp3287-lv*any
axisp3287-lve*any
axisp3288-lv*any
axisp3288-lve*any
axisp3735-ple*any
axisp3737-ple*any
axisp3738-ple*any
axisp3747-plve*any
axisp3748-plve*any
axisp3818-pve*any
axisp3827-pve*any
axisp3905-r_mk_iii*any
axisp3925-lre*any
axisp3925-r*any
axisp3935-lr*any
axisp4705-plve*any
axisp4707-plve*any
axisp4708-plve*any
axisp5654-e*any
axisp5654-e_mk_ii*any
axisp5655-e*any
axisp5676-le*any
axisp7304*any
axisp7316*any
axisp9117-pv*any
axisq1615-le_mk_iii*any
axisq1615_mk_iii*any
axisq1656*any
axisq1656-b*any
axisq1656-be*any
axisq1656-ble*any
axisq1656-dle*any
axisq1656-le*any
axisq1686-dle*any
axisq1715*any
axisq1728*any
axisq1728-le*any
axisq1798-le*any
axisq1800-le*any
axisq1800-le-3*any
axisq1805-le*any
axisq1806-le*any
axisq1808-le*any
axisq1809-le*any
axisq1961-te*any
axisq1961-xte*any
axisq1971-e*any
axisq1972-e*any
axisq2101-te*any
axisq2111-e*any
axisq2112-e*any
axisq3536-lve*any
axisq3538-lve*any
axisq3538-slve*any
axisq3546-lve*any
axisq3548-lve*any
axisq3556-lve*any
axisq3558-lve*any
axisq3626-ve*any
axisq3628-ve*any
axisq3819-pve*any
axisq3839-pve*any
axisq3839-spve*any
axisq4809-pve*any
axisq6020-e*any
axisq6074*any
axisq6074-e*any
axisq6075*any
axisq6075-e*any
axisq6075-s*any
axisq6075-se*any
axisq6078-e*any
axisq6135-le*any
axisq6225-le*any
axisq6300-e*any
axisq6315-le*any
axisq6318-le*any
axisq6355-le*any
axisq6358-le*any
axisq8615-e*any
axisq8752-e*any
axisq8752-e_mk_ii*any
axisq9307-lv*any
axiss3008*any
axiss3008_mk_ii*any
axiss3016*any
axiss4000*any
axisv5925*any
axisv5938*any
axisw100*any
axisw101*any
axisw102*any
axisw110*any
axisw120*any
axisw401*any
axisxc1311*any
axisxf40-q1785*any
axisxfq1656*any
axisxpq1785*any

References 1

  • axis.com https://www.axis.com/dam/public/3c/a4/6a/cve-2025-5718pdf-en-US-504214.pdf
    Vendor Advisory

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.