File Modification Vulnerability in Axis Camera Station Pro
CVE-2025-1056

6.1MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Camera Station Pro
Vendor: CVE Published:; 23 April 2025

What is CVE-2025-1056?

Gee-netics, part of the AXIS Camera Station Pro Bug Bounty Program, discovered a vulnerability that allows non-admin users to maliciously modify files within an admin-protected directory. This issue poses a risk by enabling unauthorized file creation and content alteration, potentially compromising the integrity of important administrative functions. Axis has addressed this vulnerability in their latest security patch, so users are encouraged to update their systems promptly. For detailed information and mitigation steps, refer to the Axis security advisory.

Affected Version(s)

AXIS Camera Station Pro 6 < 6.8

References

https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 23, 2025
Vulnerability Reserved
Feb 5, 2025

Axis Communications Ab

What is CVE-2025-1056?

Affected Version(s)

References

CVSS V3.1

Timeline