Privilege Escalation in Axis Devices Due to Improper Input Validation
CVE-2025-6298

6.7MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 11 November 2025

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-6298?

The vulnerability allows malicious actors to escalate privileges on Axis devices due to improper input validation. This can occur when an Axis device permits the installation of unsigned ACAP applications. If an attacker convinces a victim to install a malicious ACAP application, they may gain elevated privileges, compromising the device's integrity. Ensuring that only trusted and signed applications are installed can mitigate the risk associated with this vulnerability.

Affected Version(s)

AXIS OS 12.0.0 < 12.6.28

References

https://www.axis.com/dam/public/ef/91/c3/cve-2025-6298pdf...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Jun 19, 2025

Credit

Keanesec

JSON