Input Validation Issues in Axis VAPIX API Affects Usability
CVE-2025-9524

4.3MEDIUM

Key Information:

Vendor: Axis Communications Ab
Status: Axis Os
Vendor: CVE Published:; 11 November 2025

🔔 Create Axis Communications Ab Vulnerability Alert

What is CVE-2025-9524?

The Axis VAPIX API's port.cgi component is susceptible to an input validation vulnerability, which can lead to unexpected process crashes and affect the overall usability of the service. This issue requires an attacker to authenticate with a user account that has viewer, operator, or administrator privileges to execute successful exploitation attempts. Proper input validation mechanisms are essential to ensure the integrity and availability of the API services.

Affected Version(s)

AXIS OS 6.50.0 < 6.50.5.21

AXIS OS 7.0.0 < 8.40.89

AXIS OS 9.0.0 < 9.80.123

References

https://www.axis.com/dam/public/f1/f0/1e/cve-2025-9524pdf...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Aug 27, 2025

Credit

Mucoze

JSON