CVE-2025-0359 HIGH

CVE-2025-0359

Vendor Axis Communications Ab
Product AXIS OS
Weakness CWE-863 · Incorrect authorization
Published March 4, 2025
Last update March 28, 2025

CVSS base score

8.5/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:L

What the vulnerability does

01Description

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Key dates

02Disclosure timeline

March 4, 2025 CVE published
March 28, 2025 Record updated

Related vulnerabilities

04Related CVE