Arbitrary Code Execution Vulnerability in Axis Devices
CVE-2025-4645

6.7MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 11 November 2025

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-4645?

This vulnerability arises from an insufficient input validation in the ACAP configuration file, potentially allowing attackers to execute arbitrary code on affected Axis devices. For this exploit to succeed, the device must be configured to permit the installation of unsigned ACAP applications, and an attacker must persuade the target user to install a compromised application. It highlights the importance of strict input validation and the need for secure installation practices to mitigate risks associated with this vulnerability.

Affected Version(s)

AXIS OS 12.0.0. < 12.6.7

References

https://www.axis.com/dam/public/69/47/ff/cve-2025-4645pdf...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
May 13, 2025

Credit

Keanesec

dcs

JSON