Primary

Context

Axis Communications ACAP Path Traversal Vulnerability Leading to Privilege Escalation

Vulnerability

Patched

A path traversal vulnerability allowing potential privilege escalation has been identified in Axis devices running AXIS OS versions 12.0.0 through 12.6.17. The issue arises from an ACAP configuration file that lacked proper input validation. Exploitation of this vulnerability requires the device to be set up to permit the installation of unsigned ACAP applications. Additionally, an attacker must persuade the victim to install a malicious ACAP application.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation on the affected device.

Remediation

Axis has released a patch for this vulnerability in AXIS OS Active Track 12.6.18. For devices not included in this track but still under support, patches will be provided according to the planned maintenance and release schedule. Users are advised to update their Axis device software to the latest version available.

Added: Nov 11, 2025, 7:26 AM

Updated: Nov 11, 2025, 7:26 AM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

3.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

7.5

exploitability

3.2

remediation

7.7

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Axis Communications ACAP Path Traversal Vulnerability Leading to Privilege Escalation

Vulnerability

Impact

Remediation

Affected Products

Axis AXIS OS

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating