Server-Side Injection Vulnerability in Axis Communications Products
CVE-2025-13064

4.5MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Camera Station Pro
Vendor: CVE Published:; 10 February 2026

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-13064?

A server-side injection vulnerability exists in Axis Communications products that allows a malicious admin to exploit a vulnerable application. This attack involves the manipulation of the application to load and execute a harmful script on the server. The exploitation is contingent upon the admin using a compromised client that has been tampered with, making it crucial for administrators to ensure the integrity of their systems to prevent such vulnerabilities from being targeted.

Affected Version(s)

AXIS Camera Station Pro 6 < 6.14

References

https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pd...

CVSS V3.1

Score:

4.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Adjacent Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 10, 2026
Vulnerability Reserved
Nov 12, 2025

Credit

Seth Fogie

CVE-2025-13064 Data

JSON