Privilege Escalation Risk in VAPIX Edge Storage API by Axis
CVE-2025-9055

6.4MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 11 November 2025

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-9055?

A flaw in the VAPIX Edge Storage API enables privilege escalation that could allow an authenticated user with administrator privileges to gain unauthorized Linux Root access. The vulnerability requires exploitation through an authenticated administrator-privileged service account, posing significant risks to system security if left unaddressed.

Affected Version(s)

AXIS OS 12.0.0 < 12.7.31

References

https://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Aug 15, 2025

Credit

Malacupa

JSON