SecuriTricks - CVE-2025-4645

Description

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

Product(s) Impacted

Vendor	Product	Versions
Axis	Axis Os A1210 \(-b\) A1214 A1601 A1610 \(-b\) A1710-b A1810-b A8207-ve Mk Ii C1110-e C1111-e C1210-e C1211-e C1310-e Mk Ii C1410 Mk Ii C1510 C1511 C1610-ve C1710 C1720 C6110 C8110 C8210 D1110 D201-s Xpt Q6075 D2110-ve D2210-ve D3110 Mk Ii D4100-ve Mk Ii D4200-ve D6310 Excam Xf Q1785 Excam Xpt Q6075 F9104-b Main Unit F9104-b Mk Ii Main Unit F9111-r Mk Ii Main Unit F9111 Main Unit F9111 Mk Ii Main Unit F9114-b-r Mk Ii Main Unit F9114-b Main Unit F9114-bt F9114 Main Unit Fa51 Fa51-b Fa54 I7010-safety I7010-ve I7020 I8016-lve I8116-e I8307-ve M1055-l M1075-l M1135 M1135-e Mk Ii M1137 M1137-e Mk Ii M2035-le M2036-le M3057-plr Mk Ii M3085-v M3086-v M3086-v Mic M3088-v M3125-lve M3126-lve M3128-lve M3215-lve M3216-lve M3905-r M4215-lv M4215-v M4216-lv M4216-v M4218-lv M4218-v M4225-lve M4227-lve M4228-lve M4308-ple M4317-plr M4317-plve M4318-plr M4318-plve M4327-p M4328-p M5000 M5000-g M5074 M5075 M5075-g M5526-e M7104 M7116 P1245 Mk Ii P1265 Mk Ii P1275 Mk Ii P1385 P1385-b P1385-be P1385-e P1387 P1387-b P1387-be P1387-le P1388 P1388-b P1388-be P1388-le P1465-le P1465-le-3 P1467-le P1468-le P1468-xle P1475-le P1518-e P1518-le P3265-lv P3265-lve P3265-lve-3 P3265-v P3267-lv P3267-lve P3267-lve Mic P3268-lv P3268-lve P3268-slve P3275-lv P3275-lve P3277-lv P3277-lve P3278-lv P3278-lve P3285-lv P3285-lve P3287-lv P3287-lve P3288-lv P3288-lve P3735-ple P3737-ple P3738-ple P3747-plve P3748-plve P3818-pve P3827-pve P3905-r Mk Iii P3925-lre P3925-r P3935-lr P4705-plve P4707-plve P4708-plve P5654-e P5654-e Mk Ii P5655-e P5676-le P7304 P7316 P9117-pv Q1615-le Mk Iii Q1615 Mk Iii Q1656 Q1656-b Q1656-be Q1656-ble Q1656-dle Q1656-le Q1686-dle Q1715 Q1728 Q1728-le Q1798-le Q1800-le Q1800-le-3 Q1805-le Q1806-le Q1808-le Q1809-le Q1961-te Q1961-xte Q1971-e Q1972-e Q2101-te Q2111-e Q2112-e Q3536-lve Q3538-lve Q3538-slve Q3546-lve Q3548-lve Q3556-lve Q3558-lve Q3626-ve Q3628-ve Q3819-pve Q3839-pve Q3839-spve Q4809-pve Q6020-e Q6074 Q6074-e Q6075 Q6075-e Q6075-s Q6075-se Q6078-e Q6135-le Q6225-le Q6300-e Q6315-le Q6318-le Q6355-le Q6358-le Q8615-e Q8752-e Q8752-e Mk Ii Q9307-lv S3008 S3008 Mk Ii S3016 S4000 V5925 V5938 W100 W101 W102 W110 W120 W401 Xc1311 Xf40-q1785 Xfq1656 Xpq1785	* - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-1287

Improper Validation of Specified Type of Input

The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	axis	axis_os	/	/	/	/	active	/	/	/
h	axis	a1210_\(-b\)	-	/	/	/	/	/	/	/
h	axis	a1214	-	/	/	/	/	/	/	/
h	axis	a1601	-	/	/	/	/	/	/	/
h	axis	a1610_\(-b\)	-	/	/	/	/	/	/	/
h	axis	a1710-b	-	/	/	/	/	/	/	/
h	axis	a1810-b	-	/	/	/	/	/	/	/
h	axis	a8207-ve_mk_ii	-	/	/	/	/	/	/	/
h	axis	c1110-e	-	/	/	/	/	/	/	/
h	axis	c1111-e	-	/	/	/	/	/	/	/
h	axis	c1210-e	-	/	/	/	/	/	/	/
h	axis	c1211-e	-	/	/	/	/	/	/	/
h	axis	c1310-e_mk_ii	-	/	/	/	/	/	/	/
h	axis	c1410_mk_ii	-	/	/	/	/	/	/	/
h	axis	c1510	-	/	/	/	/	/	/	/
h	axis	c1511	-	/	/	/	/	/	/	/
h	axis	c1610-ve	-	/	/	/	/	/	/	/
h	axis	c1710	-	/	/	/	/	/	/	/
h	axis	c1720	-	/	/	/	/	/	/	/
h	axis	c6110	-	/	/	/	/	/	/	/
h	axis	c8110	-	/	/	/	/	/	/	/
h	axis	c8210	-	/	/	/	/	/	/	/
h	axis	d1110	-	/	/	/	/	/	/	/
h	axis	d201-s_xpt_q6075	-	/	/	/	/	/	/	/
h	axis	d2110-ve	-	/	/	/	/	/	/	/
h	axis	d2210-ve	-	/	/	/	/	/	/	/
h	axis	d3110_mk_ii	-	/	/	/	/	/	/	/
h	axis	d4100-ve_mk_ii	-	/	/	/	/	/	/	/
h	axis	d4200-ve	-	/	/	/	/	/	/	/
h	axis	d6310	-	/	/	/	/	/	/	/
h	axis	excam_xf_q1785	-	/	/	/	/	/	/	/
h	axis	excam_xpt_q6075	-	/	/	/	/	/	/	/
h	axis	f9104-b_main_unit	-	/	/	/	/	/	/	/
h	axis	f9104-b_mk_ii_main_unit	-	/	/	/	/	/	/	/
h	axis	f9111-r_mk_ii_main_unit	-	/	/	/	/	/	/	/
h	axis	f9111_main_unit	-	/	/	/	/	/	/	/
h	axis	f9111_mk_ii_main_unit	-	/	/	/	/	/	/	/
h	axis	f9114-b-r_mk_ii_main_unit	-	/	/	/	/	/	/	/
h	axis	f9114-b_main_unit	-	/	/	/	/	/	/	/
h	axis	f9114-bt	-	/	/	/	/	/	/	/
h	axis	f9114_main_unit	-	/	/	/	/	/	/	/
h	axis	fa51	-	/	/	/	/	/	/	/
h	axis	fa51-b	-	/	/	/	/	/	/	/
h	axis	fa54	-	/	/	/	/	/	/	/
h	axis	i7010-safety	-	/	/	/	/	/	/	/
h	axis	i7010-ve	-	/	/	/	/	/	/	/
h	axis	i7020	-	/	/	/	/	/	/	/
h	axis	i8016-lve	-	/	/	/	/	/	/	/
h	axis	i8116-e	-	/	/	/	/	/	/	/
h	axis	i8307-ve	-	/	/	/	/	/	/	/
h	axis	m1055-l	-	/	/	/	/	/	/	/
h	axis	m1075-l	-	/	/	/	/	/	/	/
h	axis	m1135	-	/	/	/	/	/	/	/
h	axis	m1135-e_mk_ii	-	/	/	/	/	/	/	/
h	axis	m1137	-	/	/	/	/	/	/	/
h	axis	m1137-e_mk_ii	-	/	/	/	/	/	/	/
h	axis	m2035-le	-	/	/	/	/	/	/	/
h	axis	m2036-le	-	/	/	/	/	/	/	/
h	axis	m3057-plr_mk_ii	-	/	/	/	/	/	/	/
h	axis	m3085-v	-	/	/	/	/	/	/	/
h	axis	m3086-v	-	/	/	/	/	/	/	/
h	axis	m3086-v_mic	-	/	/	/	/	/	/	/
h	axis	m3088-v	-	/	/	/	/	/	/	/
h	axis	m3125-lve	-	/	/	/	/	/	/	/
h	axis	m3126-lve	-	/	/	/	/	/	/	/
h	axis	m3128-lve	-	/	/	/	/	/	/	/
h	axis	m3215-lve	-	/	/	/	/	/	/	/
h	axis	m3216-lve	-	/	/	/	/	/	/	/
h	axis	m3905-r	-	/	/	/	/	/	/	/
h	axis	m4215-lv	-	/	/	/	/	/	/	/
h	axis	m4215-v	-	/	/	/	/	/	/	/
h	axis	m4216-lv	-	/	/	/	/	/	/	/
h	axis	m4216-v	-	/	/	/	/	/	/	/
h	axis	m4218-lv	-	/	/	/	/	/	/	/
h	axis	m4218-v	-	/	/	/	/	/	/	/
h	axis	m4225-lve	-	/	/	/	/	/	/	/
h	axis	m4227-lve	-	/	/	/	/	/	/	/
h	axis	m4228-lve	-	/	/	/	/	/	/	/
h	axis	m4308-ple	-	/	/	/	/	/	/	/
h	axis	m4317-plr	-	/	/	/	/	/	/	/
h	axis	m4317-plve	-	/	/	/	/	/	/	/
h	axis	m4318-plr	-	/	/	/	/	/	/	/
h	axis	m4318-plve	-	/	/	/	/	/	/	/
h	axis	m4327-p	-	/	/	/	/	/	/	/
h	axis	m4328-p	-	/	/	/	/	/	/	/
h	axis	m5000	-	/	/	/	/	/	/	/
h	axis	m5000-g	-	/	/	/	/	/	/	/
h	axis	m5074	-	/	/	/	/	/	/	/
h	axis	m5075	-	/	/	/	/	/	/	/
h	axis	m5075-g	-	/	/	/	/	/	/	/
h	axis	m5526-e	-	/	/	/	/	/	/	/
h	axis	m7104	-	/	/	/	/	/	/	/
h	axis	m7116	-	/	/	/	/	/	/	/
h	axis	p1245_mk_ii	-	/	/	/	/	/	/	/
h	axis	p1265_mk_ii	-	/	/	/	/	/	/	/
h	axis	p1275_mk_ii	-	/	/	/	/	/	/	/
h	axis	p1385	-	/	/	/	/	/	/	/
h	axis	p1385-b	-	/	/	/	/	/	/	/
h	axis	p1385-be	-	/	/	/	/	/	/	/
h	axis	p1385-e	-	/	/	/	/	/	/	/
h	axis	p1387	-	/	/	/	/	/	/	/
h	axis	p1387-b	-	/	/	/	/	/	/	/
h	axis	p1387-be	-	/	/	/	/	/	/	/
h	axis	p1387-le	-	/	/	/	/	/	/	/
h	axis	p1388	-	/	/	/	/	/	/	/
h	axis	p1388-b	-	/	/	/	/	/	/	/
h	axis	p1388-be	-	/	/	/	/	/	/	/
h	axis	p1388-le	-	/	/	/	/	/	/	/
h	axis	p1465-le	-	/	/	/	/	/	/	/
h	axis	p1465-le-3	-	/	/	/	/	/	/	/
h	axis	p1467-le	-	/	/	/	/	/	/	/
h	axis	p1468-le	-	/	/	/	/	/	/	/
h	axis	p1468-xle	-	/	/	/	/	/	/	/
h	axis	p1475-le	-	/	/	/	/	/	/	/
h	axis	p1518-e	-	/	/	/	/	/	/	/
h	axis	p1518-le	-	/	/	/	/	/	/	/
h	axis	p3265-lv	-	/	/	/	/	/	/	/
h	axis	p3265-lve	-	/	/	/	/	/	/	/
h	axis	p3265-lve-3	-	/	/	/	/	/	/	/
h	axis	p3265-v	-	/	/	/	/	/	/	/
h	axis	p3267-lv	-	/	/	/	/	/	/	/
h	axis	p3267-lve	-	/	/	/	/	/	/	/
h	axis	p3267-lve_mic	-	/	/	/	/	/	/	/
h	axis	p3268-lv	-	/	/	/	/	/	/	/
h	axis	p3268-lve	-	/	/	/	/	/	/	/
h	axis	p3268-slve	-	/	/	/	/	/	/	/
h	axis	p3275-lv	-	/	/	/	/	/	/	/
h	axis	p3275-lve	-	/	/	/	/	/	/	/
h	axis	p3277-lv	-	/	/	/	/	/	/	/
h	axis	p3277-lve	-	/	/	/	/	/	/	/
h	axis	p3278-lv	-	/	/	/	/	/	/	/
h	axis	p3278-lve	-	/	/	/	/	/	/	/
h	axis	p3285-lv	-	/	/	/	/	/	/	/
h	axis	p3285-lve	-	/	/	/	/	/	/	/
h	axis	p3287-lv	-	/	/	/	/	/	/	/
h	axis	p3287-lve	-	/	/	/	/	/	/	/
h	axis	p3288-lv	-	/	/	/	/	/	/	/
h	axis	p3288-lve	-	/	/	/	/	/	/	/
h	axis	p3735-ple	-	/	/	/	/	/	/	/
h	axis	p3737-ple	-	/	/	/	/	/	/	/
h	axis	p3738-ple	-	/	/	/	/	/	/	/
h	axis	p3747-plve	-	/	/	/	/	/	/	/
h	axis	p3748-plve	-	/	/	/	/	/	/	/
h	axis	p3818-pve	-	/	/	/	/	/	/	/
h	axis	p3827-pve	-	/	/	/	/	/	/	/
h	axis	p3905-r_mk_iii	-	/	/	/	/	/	/	/
h	axis	p3925-lre	-	/	/	/	/	/	/	/
h	axis	p3925-r	-	/	/	/	/	/	/	/
h	axis	p3935-lr	-	/	/	/	/	/	/	/
h	axis	p4705-plve	-	/	/	/	/	/	/	/
h	axis	p4707-plve	-	/	/	/	/	/	/	/
h	axis	p4708-plve	-	/	/	/	/	/	/	/
h	axis	p5654-e	-	/	/	/	/	/	/	/
h	axis	p5654-e_mk_ii	-	/	/	/	/	/	/	/
h	axis	p5655-e	-	/	/	/	/	/	/	/
h	axis	p5676-le	-	/	/	/	/	/	/	/
h	axis	p7304	-	/	/	/	/	/	/	/
h	axis	p7316	-	/	/	/	/	/	/	/
h	axis	p9117-pv	-	/	/	/	/	/	/	/
h	axis	q1615-le_mk_iii	-	/	/	/	/	/	/	/
h	axis	q1615_mk_iii	-	/	/	/	/	/	/	/
h	axis	q1656	-	/	/	/	/	/	/	/
h	axis	q1656-b	-	/	/	/	/	/	/	/
h	axis	q1656-be	-	/	/	/	/	/	/	/
h	axis	q1656-ble	-	/	/	/	/	/	/	/
h	axis	q1656-dle	-	/	/	/	/	/	/	/
h	axis	q1656-le	-	/	/	/	/	/	/	/
h	axis	q1686-dle	-	/	/	/	/	/	/	/
h	axis	q1715	-	/	/	/	/	/	/	/
h	axis	q1728	-	/	/	/	/	/	/	/
h	axis	q1728-le	-	/	/	/	/	/	/	/
h	axis	q1798-le	-	/	/	/	/	/	/	/
h	axis	q1800-le	-	/	/	/	/	/	/	/
h	axis	q1800-le-3	-	/	/	/	/	/	/	/
h	axis	q1805-le	-	/	/	/	/	/	/	/
h	axis	q1806-le	-	/	/	/	/	/	/	/
h	axis	q1808-le	-	/	/	/	/	/	/	/
h	axis	q1809-le	-	/	/	/	/	/	/	/
h	axis	q1961-te	-	/	/	/	/	/	/	/
h	axis	q1961-xte	-	/	/	/	/	/	/	/
h	axis	q1971-e	-	/	/	/	/	/	/	/
h	axis	q1972-e	-	/	/	/	/	/	/	/
h	axis	q2101-te	-	/	/	/	/	/	/	/
h	axis	q2111-e	-	/	/	/	/	/	/	/
h	axis	q2112-e	-	/	/	/	/	/	/	/
h	axis	q3536-lve	-	/	/	/	/	/	/	/
h	axis	q3538-lve	-	/	/	/	/	/	/	/
h	axis	q3538-slve	-	/	/	/	/	/	/	/
h	axis	q3546-lve	-	/	/	/	/	/	/	/
h	axis	q3548-lve	-	/	/	/	/	/	/	/
h	axis	q3556-lve	-	/	/	/	/	/	/	/
h	axis	q3558-lve	-	/	/	/	/	/	/	/
h	axis	q3626-ve	-	/	/	/	/	/	/	/
h	axis	q3628-ve	-	/	/	/	/	/	/	/
h	axis	q3819-pve	-	/	/	/	/	/	/	/
h	axis	q3839-pve	-	/	/	/	/	/	/	/
h	axis	q3839-spve	-	/	/	/	/	/	/	/
h	axis	q4809-pve	-	/	/	/	/	/	/	/
h	axis	q6020-e	-	/	/	/	/	/	/	/
h	axis	q6074	-	/	/	/	/	/	/	/
h	axis	q6074-e	-	/	/	/	/	/	/	/
h	axis	q6075	-	/	/	/	/	/	/	/
h	axis	q6075-e	-	/	/	/	/	/	/	/
h	axis	q6075-s	-	/	/	/	/	/	/	/
h	axis	q6075-se	-	/	/	/	/	/	/	/
h	axis	q6078-e	-	/	/	/	/	/	/	/
h	axis	q6135-le	-	/	/	/	/	/	/	/
h	axis	q6225-le	-	/	/	/	/	/	/	/
h	axis	q6300-e	-	/	/	/	/	/	/	/
h	axis	q6315-le	-	/	/	/	/	/	/	/
h	axis	q6318-le	-	/	/	/	/	/	/	/
h	axis	q6355-le	-	/	/	/	/	/	/	/
h	axis	q6358-le	-	/	/	/	/	/	/	/
h	axis	q8615-e	-	/	/	/	/	/	/	/
h	axis	q8752-e	-	/	/	/	/	/	/	/
h	axis	q8752-e_mk_ii	-	/	/	/	/	/	/	/
h	axis	q9307-lv	-	/	/	/	/	/	/	/
h	axis	s3008	-	/	/	/	/	/	/	/
h	axis	s3008_mk_ii	-	/	/	/	/	/	/	/
h	axis	s3016	-	/	/	/	/	/	/	/
h	axis	s4000	-	/	/	/	/	/	/	/
h	axis	v5925	-	/	/	/	/	/	/	/
h	axis	v5938	-	/	/	/	/	/	/	/
h	axis	w100	-	/	/	/	/	/	/	/
h	axis	w101	-	/	/	/	/	/	/	/
h	axis	w102	-	/	/	/	/	/	/	/
h	axis	w110	-	/	/	/	/	/	/	/
h	axis	w120	-	/	/	/	/	/	/	/
h	axis	w401	-	/	/	/	/	/	/	/
h	axis	xc1311	-	/	/	/	/	/	/	/
h	axis	xf40-q1785	-	/	/	/	/	/	/	/
h	axis	xfq1656	-	/	/	/	/	/	/	/
h	axis	xpq1785	-	/	/	/	/	/	/	/

References

https://www.axis.com/dam/public/69/47/ff/cve-2025-4645pdf-en-US-504211.pdf

CVSS Score

6.7 / 10

CVSS Data - 3.1

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: HIGH
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

View Vector String

Timeline

Published: Nov. 11, 2025, 7:15 a.m.
Last Modified: Nov. 24, 2025, 5:57 p.m.

Status : Analyzed

CVE has had analysis completed and all data associations made.

More info

Source

product-security@axis.com

CVE-2025-4645