Privilege Escalation Vulnerability in Axis ACAP Application Framework
CVE-2025-5718

6.8 MEDIUM

Key Information:

CVE Published: 11 November 2025

What is CVE-2025-5718?

The Axis ACAP Application Framework contains a vulnerability that may lead to privilege escalation via a symlink attack. The issue is exploitable when an Axis device is configured to permit the installation of unsigned ACAP applications. If a user is manipulated into installing a malicious application, an attacker can exploit the vulnerability to elevate their permissions and potentially compromise the device's security.

Affected Version(s)

AXIS OS 12.0.0 < 12.6.30

CVSS V3.1

Score: 6.8
Severity: MEDIUM
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Keanesec