CVE-2025-12757 PUBLISHED

Assigner: Axis
Reserved: 05.11.2025 Published: 10.02.2026 Updated: 10.02.2026

An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to.

Metrics

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
CVSS Score: 4.6

Product Status

Vendor Axis Communications AB
Product AXIS Camera Station Pro
Versions Default: unaffected
  • affected from 6 to 6.14 (excl.)

Credits

  • Seth Fogie finder

References

Problem Types

  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE