CVE-2025-0926

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

CVSS v3 5.9 MEDIUM

5.9^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf

Configurations

No configuration.

History

23 Apr 2025, 14:08

Type	Values Removed	Values Added
Summary		(es) Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha descubierto que un usuario no administrador puede eliminar archivos del sistema que causan un bucle de arranque al redirigir la eliminación de un archivo al grabar vídeo. Axis ha publicado una versión parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener más información y soluciones.

23 Apr 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-23 06:15

Updated : 2025-04-23 14:08

NVD link : CVE-2025-0926

Mitre link : CVE-2025-0926

CVE.ORG link : CVE-2025-0926

JSON object : View

Products Affected

No product.

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

5.9 /10