D-Bus Method Access Vulnerability in Axis Communication ACAP Application Framework
CVE-2025-0359

8.5HIGH

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 4 March 2025

What is CVE-2025-0359?

A vulnerability has been identified in the ACAP Application Framework utilized by Axis Communication. During a routine penetration test, it was discovered that unauthorized applications could access restricted D-Bus methods, potentially exposing sensitive operations. This flaw necessitates immediate attention to ensure the integrity and security of applications utilizing the framework. Axis Communication has provided patched versions of AXIS OS to address this issue. For detailed information and solutions, reference the security advisory from Axis.

Affected Version(s)

AXIS OS 11.11.0 < 11.11.135

AXIS OS 12.0.0 < 12.2.52

References

https://www.axis.com/dam/public/68/08/c5/cve-2025-0359pdf...

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Mar 4, 2025
Vulnerability Reserved
Jan 9, 2025

Axis Communications Ab

What is CVE-2025-0359?

Affected Version(s)

References

CVSS V3.1

Timeline