CVE-2025-7622 PUBLISHED

Assigner: Axis
Reserved: 14.07.2025 Published: 12.08.2025 Updated: 12.08.2025

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.

Metrics

CVSS 4.0

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L
CVSS Score: 5.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	Low	Confidentiality	Low
Attack Complexity	Low	Integrity	Low	Integrity	Low
Attack Requirements	None	Availability	Low	Availability	Low
Privileges Required	Low
User Interaction	None

CVSS 4.0

Product Status

Vendor	Axis Communications AB
Product	AXIS Camera Station Pro
Versions	Default: unaffected affected from 6 to 6.10 (excl.)

Vendor	Axis Communications AB
Product	AXIS Camera Station
Versions	Default: unaffected affected from 5.32 to 5.59 (excl.)

References

https://www.axis.com/dam/public/c5/9a/3c/cve-2025-7622pdf-en-US-492761.pdf

Problem Types

CWE-918: Server-Side Request Forgery (SSRF) CWE