Privilege Escalation Vulnerability in Axis Devices via Malicious ACAP Applications
CVE-2025-5452

6.6MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 11 November 2025

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-5452?

A vulnerability exists in Axis devices that allows a malicious ACAP application to access sensitive administrator-level service account credentials, which can lead to unauthorized privilege escalation. This exploitation requires the device to be set up to permit unsigned ACAP applications and the attacker to successfully persuade the victim to install the malicious application. Proper security measures and configuration are essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

AXIS OS 12.0.0 < 12.6.69

References

https://www.axis.com/dam/public/39/ba/8b/cve-2025-5452pdf...

CVSS V3.1

Score:

6.6

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Jun 2, 2025

Credit

Keanesec

JSON