{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-0926", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2025-01-31T06:15:14.691Z", "datePublished": "2025-04-23T05:22:03.489Z", "dateUpdated": "2025-04-23T13:08:49.871Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS Camera Station Pro", "vendor": "Axis Communications AB", "versions": [{"lessThan": "6.8", "status": "affected", "version": "6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n<br>"}], "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-23T05:22:03.489Z"}, "references": [{"url": "https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:08:40.609777Z", "id": "CVE-2025-0926", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:08:49.871Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-0926", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:08:40.609777Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:08:44.582Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS Camera Station Pro", "versions": [{"status": "affected", "version": "6", "lessThan": "6.8", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.", "supportingMedia": [{"type": "text/html", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-732", "description": "CWE-732: Incorrect Permission Assignment for Critical Resource"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-23T05:22:03.489Z"}}}, "cveMetadata": {"cveId": "CVE-2025-0926", "state": "PUBLISHED", "dateUpdated": "2025-04-23T13:08:49.871Z", "dateReserved": "2025-01-31T06:15:14.691Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2025-04-23T05:22:03.489Z", "assignerShortName": "Axis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D02E2CB-4466-44BF-91F6-93C771252E3B", "versionEndExcluding": "6.8.43213", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop by redirecting a file deletion when recording video.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha descubierto que un usuario no administrador puede eliminar archivos del sistema que causan un bucle de arranque al redirigir la eliminaci\u00f3n de un archivo al grabar v\u00eddeo. Axis ha publicado una versi\u00f3n parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "id": "CVE-2025-0926", "lastModified": "2026-01-14T17:45:54.573", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.5, "impactScore": 4.0, "source": "product-security@axis.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-23T06:15:45.200", "references": [{"source": "product-security@axis.com", "tags": ["Vendor Advisory"], "url": "https://www.axis.com/dam/public/9d/fe/3f/cve-2025-0926pdf-en-US-479105.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-732"}], "source": "product-security@axis.com", "type": "Secondary"}]}

{}

{}