CVE-2025-9055

MEDIUM6.4Privilege escalation

Description

The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Axis Communications AB / AXIS OS12.0.0 – 12.7.31

References

MISChttps://www.axis.com/dam/public/23/a3/00/cve-2025-9055pdf-en-US-504219.pdf