CVE-2025-9524

Summary

The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.

Affected Software

VendorProductVersion RangeStatus
Axis Communications ABAXIS OS6.50.0 < 6.50.5.21affected
Axis Communications ABAXIS OS7.0.0 < 8.40.89affected
Axis Communications ABAXIS OS9.0.0 < 9.80.123affected
Axis Communications ABAXIS OS10.0.0 < 10.12.305affected
Axis Communications ABAXIS OS11.0.0 < 11.11.177affected
Axis Communications ABAXIS OS12.0.0 < 12.7.11affected

Weaknesses

  • CWE-1287: CWE-1287: Improper Validation of Specified Type of Input

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References