CVE-2025-11142 HIGH

CVE-2025-11142

Vendor Axis Communications Ab

Product AXIS OS

Weakness CWE-78

Published February 10, 2026

Last update February 26, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

What the vulnerability does

01Description

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

Key dates

02Disclosure timeline

February 10, 2026 CVE published

February 26, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-11142 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/78.html

Related vulnerabilities

04Related CVE

CVE-2023-41200 D-Link DAP-1325 HNAP SetHostIPv6StaticSettings StaticPrefixLength Command Injection Remote Code Execution Vulnerability CVE-2026-5125 raine consult-llm-mcp server.ts child_process.execSync os command injection CVE-2025-1608 LB-LINK AC1900 Router set_manpwd websGetVar os command injection CVE-2025-4032 inclusionAI AWorld shell_tool.py subprocess.Popen os command injection CVE-2025-8629 Kenwood DMX958XR Firmware Update Command Injection Vulnerability

Identifiers

CVE CVE-2025-11142

CWE CWE-78

CVSS 7.1 / HIGH

Affected versions

Vendor Axis Communications Ab

Product AXIS OS

Affected ≥ 12.6.54 and ≤ 12.7.35