Axis AXIS OS
Moderate fix2 remedies
cpe:2.3:o:axis:axis_os:*:*:*:*:*:*:*
Moderate fix2 remedies
- >= 12.0.0, <= 12.6.65
- >= 11.11.0, <= 11.11.168
Axis Communications AXIS OS Password Exposure Vulnerability in Process Arguments
Vulnerability
Patched
A vulnerability exists in AXIS OS versions 12.0.0 through 12.6.65 and 11.11.0 through 11.11.168, where a third-party component inadvertently exposed its password in process arguments. This flaw allows low-privileged users to access the sensitive information. The vulnerability has been categorized under CWE-522: Insufficiently Protected Credentials.
Impact
Exploitation of this vulnerability could lead to unauthorized access to exposed passwords, potentially allowing for further attacks or privilege escalation.
Remediation
Axis has released patches for this vulnerability in the Active Track 12.6.66 and LTS 2024 11.11.169 versions. Users are advised to update their Axis device software to the latest version available. For devices not included in these tracks but still under support, patches will be released according to the planned maintenance and release schedule.
Added: Nov 11, 2025, 7:16 AM
Updated: Nov 11, 2025, 7:16 AM
Vulnerability Rating
Custom Algorithm
spread
6.8impact
2.5exploitability
3.5remediation
7.7relevance
1.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.