CVE-2025-9524 MEDIUM

CVE-2025-9524

Vendor Axis Communications Ab
Product AXIS OS
Weakness CWE-1287
Published November 11, 2025
Last update November 14, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01Description

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.

Key dates

02Disclosure timeline

November 11, 2025 CVE published
November 14, 2025 Record updated