CVE-2025-3892

EUVD-2025-24222
ACAP applications can be executed with elevated privileges, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAPĀ applications, and if an attacker convinces the victim to install a malicious ACAP application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AxisCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
Affected Products (NVD)
VendorProductVersion
axisaxis_os
12.0.0 ≤
𝑥
< 12.5.31
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.axis.com/dam/public/ae/19/16/cve-2025-3892pdf-en-US-492760.pdf