Axis Communications AB AXIS OS up to 12.4.27 Guard Tour VAPIX API improper validation of specified type of input
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.2 | $0-$5k | 0.00 |
Summary
A vulnerability classified as problematic was found in Axis Communications AB AXIS OS up to 8.40.73/9.80.99/10.12.277/11.11.141/12.4.27. It affects an unknown function of the Guard Tour VAPIX API component. Manipulating the input leads to improper validation of the specified type of input. The vulnerability is identified as CVE-2025-0325. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is suggested.
Details
A vulnerability was found in Axis Communications AB AXIS OS up to 8.40.73/9.80.99/10.12.277/11.11.141/12.4.27. It has been declared as problematic. The vulnerability affects unknown code in the Guard Tour VAPIX API component. Manipulation with an unknown input leads to an improper validation of specified type of input vulnerability. The CWE definition for the vulnerability is CWE-1287: the product receives input that is expected to be of a certain type, but it does not validate, or incorrectly validates, that the input is actually of the expected type. The known impact is on availability. CVE summarizes:
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
The weakness was shared by 51l3nc3. The advisory is available for download at axis.com. The vulnerability has been identified as CVE-2025-0325 since 01/08/2025. Exploitation appears to be easy. The attack can be initiated remotely. Neither technical details nor an exploit are publicly available.
Upgrading to version 6.50.5.21, 8.40.74, 9.80.100, 10.12.278, 11.11.142 or 12.4.28 eliminates this vulnerability.
Product
Vendor
Name
Version
- 8.40.0
- 8.40.1
- 8.40.2
- 8.40.3
- 8.40.4
- 8.40.5
- 8.40.6
- 8.40.7
- 8.40.8
- 8.40.9
- 8.40.10
- 8.40.11
- 8.40.12
- 8.40.13
- 8.40.14
- 8.40.15
- 8.40.16
- 8.40.17
- 8.40.18
- 8.40.19
- 8.40.20
- 8.40.21
- 8.40.22
- 8.40.23
- 8.40.24
- 8.40.25
- 8.40.26
- 8.40.27
- 8.40.28
- 8.40.29
- 8.40.30
- 8.40.31
- 8.40.32
- 8.40.33
- 8.40.34
- 8.40.35
- 8.40.36
- 8.40.37
- 8.40.38
- 8.40.39
- 8.40.40
- 8.40.41
- 8.40.42
- 8.40.43
- 8.40.44
- 8.40.45
- 8.40.46
- 8.40.47
- 8.40.48
- 8.40.49
- 8.40.50
- 8.40.51
- 8.40.52
- 8.40.53
- 8.40.54
- 8.40.55
- 8.40.56
- 8.40.57
- 8.40.58
- 8.40.59
- 8.40.60
- 8.40.61
- 8.40.62
- 8.40.63
- 8.40.64
- 8.40.65
- 8.40.66
- 8.40.67
- 8.40.68
- 8.40.69
- 8.40.70
- 8.40.71
- 8.40.72
- 8.40.73
- 9.80.0
- 9.80.1
- 9.80.2
- 9.80.3
- 9.80.4
- 9.80.5
- 9.80.6
- 9.80.7
- 9.80.8
- 9.80.9
- 9.80.10
- 9.80.11
- 9.80.12
- 9.80.13
- 9.80.14
- 9.80.15
- 9.80.16
- 9.80.17
- 9.80.18
- 9.80.19
- 9.80.20
- 9.80.21
- 9.80.22
- 9.80.23
- 9.80.24
- 9.80.25
- 9.80.26
- 9.80.27
- 9.80.28
- 9.80.29
- 9.80.30
- 9.80.31
- 9.80.32
- 9.80.33
- 9.80.34
- 9.80.35
- 9.80.36
- 9.80.37
- 9.80.38
- 9.80.39
- 9.80.40
- 9.80.41
- 9.80.42
- 9.80.43
- 9.80.44
- 9.80.45
- 9.80.46
- 9.80.47
- 9.80.48
- 9.80.49
- 9.80.50
- 9.80.51
- 9.80.52
- 9.80.53
- 9.80.54
- 9.80.55
- 9.80.56
- 9.80.57
- 9.80.58
- 9.80.59
- 9.80.60
- 9.80.61
- 9.80.62
- 9.80.63
- 9.80.64
- 9.80.65
- 9.80.66
- 9.80.67
- 9.80.68
- 9.80.69
- 9.80.70
- 9.80.71
- 9.80.72
- 9.80.73
- 9.80.74
- 9.80.75
- 9.80.76
- 9.80.77
- 9.80.78
- 9.80.79
- 9.80.80
- 9.80.81
- 9.80.82
- 9.80.83
- 9.80.84
- 9.80.85
- 9.80.86
- 9.80.87
- 9.80.88
- 9.80.89
- 9.80.90
- 9.80.91
- 9.80.92
- 9.80.93
- 9.80.94
- 9.80.95
- 9.80.96
- 9.80.97
- 9.80.98
- 9.80.99
- 10.12.277
- 11.11.141
- 12.4.0
- 12.4.1
- 12.4.2
- 12.4.3
- 12.4.4
- 12.4.5
- 12.4.6
- 12.4.7
- 12.4.8
- 12.4.9
- 12.4.10
- 12.4.11
- 12.4.12
- 12.4.13
- 12.4.14
- 12.4.15
- 12.4.16
- 12.4.17
- 12.4.18
- 12.4.19
- 12.4.20
- 12.4.21
- 12.4.22
- 12.4.23
- 12.4.24
- 12.4.25
- 12.4.26
- 12.4.27
CVSSv3
VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.2
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
CNA Base Score: 4.3
Exploiting
Class: Improper validation of specified type of input
CWE: CWE-1287 / CWE-20
Physical: No
Local: No
Remote: Yes
Status: Not defined
Countermeasures
Recommended: Upgrade
Upgrade: AXIS OS 6.50.5.21/8.40.74/9.80.100/10.12.278/11.11.142/12.4.28
Timeline
01/08/2025
06/02/2025
06/02/2025
06/03/2025
Sources
Advisory: axis.com
Researcher: 51l3nc3
Status: Confirmed
CVE: CVE-2025-0325
GCVE (CVE): GCVE-0-2025-0325
GCVE (VulDB): GCVE-100-310804
Entry
Created: 06/02/2025 10:07
Updated: 06/03/2025 06:48
Changes: 06/02/2025 10:07 (64), 06/03/2025 06:48 (1)