Axis Communications AXIS OS Unsigned ACAP Application Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability in Axis Communications AXIS OS versions 12.0.0 through 12.5.35 allows arbitrary code execution via ACAP applications. The issue arises from insufficient input validation in ACAP configuration files. Exploitation requires that the device is set to permit unsigned ACAP applications and that an attacker persuades the user to install a malicious application.

Impact

Exploitation of this vulnerability could lead to unauthorized arbitrary code execution on the affected device.

Remediation

Axis has released a patch for this vulnerability in AXIS OS Active Track 12.5.36. Devices not included in this track but still under support will receive a patch according to their planned maintenance and release schedule. It is recommended to update the Axis device software to the latest version.
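
To prioritise the update across a fleet, the following added example (not Axis code and not part of the original advisory) triages inventory records against the version range and the unsigned-ACAP precondition stated above. The record field names (host, axis_os, allow_unsigned_acap) and the sample inventory are constructed assumptions; populate them from your own asset data.

```python
import re

# Range stated in the advisory: AXIS OS 12.0.0 through 12.5.35 is affected,
# fixed in Active Track 12.5.36.
FIRST_AFFECTED = (12, 0, 0)
FIRST_FIXED = (12, 5, 36)

# Most urgent first. "unsigned-blocked" devices still need the update,
# but lack the precondition the advisory names for exploitation.
PRIORITY = ["affected-exposed", "affected-setting-unknown",
            "affected-unsigned-blocked", "unknown-version",
            "outside-affected-range"]

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if not X.Y.Z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text or "")
    return tuple(int(g) for g in m.groups()) if m else None

def triage(device):
    """Classify one inventory record (field names are assumptions)."""
    version = parse_version(device.get("axis_os"))
    if version is None:
        return "unknown-version"          # needs manual follow-up
    # Tuple comparison is numeric, so 12.10.1 sorts after 12.5.36.
    if not (FIRST_AFFECTED <= version < FIRST_FIXED):
        return "outside-affected-range"
    allow = device.get("allow_unsigned_acap")
    if allow is None:
        return "affected-setting-unknown"
    return "affected-exposed" if allow else "affected-unsigned-blocked"

def triage_fleet(inventory):
    """Return (host, status) pairs, most urgent first."""
    rows = [(d["host"], triage(d)) for d in inventory]
    return sorted(rows, key=lambda r: PRIORITY.index(r[1]))

# Constructed sample inventory, for illustration only.
INVENTORY = [
    {"host": "cam-dock", "axis_os": "12.5.36", "allow_unsigned_acap": True},
    {"host": "cam-roof", "axis_os": "12.2.9", "allow_unsigned_acap": False},
    {"host": "cam-lobby", "axis_os": "12.5.35", "allow_unsigned_acap": True},
    {"host": "cam-gate", "axis_os": "11.11.141", "allow_unsigned_acap": True},
    {"host": "cam-lab", "axis_os": "12.10.1", "allow_unsigned_acap": None},
    {"host": "cam-yard", "axis_os": "12.0.0", "allow_unsigned_acap": None},
    {"host": "cam-old", "axis_os": "unknown", "allow_unsigned_acap": True},
]

if __name__ == "__main__":
    for host, status in triage_fleet(INVENTORY):
        print(f"{host:10} {status}")
```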

Added: Aug 12, 2025, 6:22 AM
Updated: Aug 12, 2025, 6:22 AM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 7.5
exploitability: 4.6
remediation: 7.7
relevance: 0.4
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.