Privilege Escalation Vulnerability in VAPIX Device Configuration Framework by Axis Communications
CVE-2025-0360
7.8 HIGH
What is CVE-2025-0360?
During a routine penetration test, a vulnerability was identified in the VAPIX Device Configuration framework by Axis Communications. This flaw could potentially allow an attacker to gain unauthorized access to the VAPIX service account D-Bus API, resulting in an inappropriate elevation of user privileges. As a consequence, this issue may expose critical system functions and sensitive data to unauthorized users, posing a significant risk to affected installations.
Affected Version(s)
AXIS OS 11.11.0 < 11.11.135
AXIS OS 12.0.0 < 12.2.41
CVSS V3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved