Insecure Direct Object Reference in Axis Communications Products
CVE-2025-12063

5.7MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Camera Station Pro
Vendor: CVE Published:; 10 February 2026

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-12063?

A vulnerability exists within Axis Communications products that permits a non-admin user to access and manipulate certain data objects without proper authorization. This insecure direct object reference can lead to unauthorized data modifications or deletions, raising significant security concerns for product users. Organizations utilizing affected Axis products should review their permissions and consider applying necessary security updates.

Affected Version(s)

AXIS Camera Station Pro 6 < 6.14

References

https://www.axis.com/dam/public/bc/f0/5a/cve-2025-12063pd...

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Oct 22, 2025

Credit

Seth Fogie

CVE-2025-12063 Data

JSON