CVE-2025-8998

Summary

It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.

Affected Software

VendorProductVersion RangeStatus
Axis Communications ABAXIS OS6.50.0 < 6.50.5.22affected
Axis Communications ABAXIS OS7.0.0 < 8.40.90affected
Axis Communications ABAXIS OS9.0.0 < 9.80.124affected
Axis Communications ABAXIS OS10.0.0 < 10.12.306affected
Axis Communications ABAXIS OS11.0.0 < 11.11.178affected
Axis Communications ABAXIS OS12.0.0 < 12.7.27affected

Weaknesses

  • CWE-73: CWE-73: External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References