{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1056", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2025-02-05T07:29:10.344Z", "datePublished": "2025-04-23T05:18:10.120Z", "dateUpdated": "2025-04-23T13:09:33.255Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS Camera Station Pro", "vendor": "Axis Communications AB", "versions": [{"lessThan": "6.8", "status": "affected", "version": "6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n<br>\n\n<br>"}], "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-23T05:18:47.170Z"}, "references": [{"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:09:24.348886Z", "id": "CVE-2025-1056", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:09:33.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1056", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:09:24.348886Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:09:28.474Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS Camera Station Pro", "versions": [{"status": "affected", "version": "6", "lessThan": "6.8", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.", "supportingMedia": [{"type": "text/html", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n<br>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-23T05:18:47.170Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1056", "state": "PUBLISHED", "dateUpdated": "2025-04-23T13:09:33.255Z", "dateReserved": "2025-02-05T07:29:10.344Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2025-04-23T05:18:10.120Z", "assignerShortName": "Axis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D02E2CB-4466-44BF-91F6-93C771252E3B", "versionEndExcluding": "6.8.43213", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha identificado un problema con un archivo espec\u00edfico que utiliza el servidor. Un usuario no administrador puede modificar este archivo para crear archivos o cambiar el contenido de los archivos en una ubicaci\u00f3n protegida por el administrador. Axis ha publicado una versi\u00f3n parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "id": "CVE-2025-1056", "lastModified": "2026-01-14T17:41:50.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "product-security@axis.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-23T06:15:46.573", "references": [{"source": "product-security@axis.com", "tags": ["Vendor Advisory"], "url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "product-security@axis.com", "type": "Secondary"}]}

{}

{}