CVE-2025-12063 PUBLISHED

Assigner: Axis
Reserved: 22.10.2025 Published: 10.02.2026 Updated: 10.02.2026

An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVSS Score: 5.7

Product Status

Vendor Axis Communications AB
Product AXIS Camera Station Pro
Versions Default: unaffected
  • affected from 6 to 6.14 (excl.)

Credits

  • Seth Fogie finder

References

Problem Types

  • CWE-639: Authorization Bypass Through User-Controlled Key CWE