CVE-2025-1056 - Vulnerability Details - OpenCVE

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Axis	Camera Station Pro

Configuration 1 [-]

cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf

History

Wed, 14 Jan 2026 17:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Axis Axis camera Station Pro
CPEs		cpe:2.3:a:axis:camera_station_pro::::::::
Vendors & Products		Axis Axis camera Station Pro

Wed, 23 Apr 2025 13:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 23 Apr 2025 05:30:00 +0000

Type	Values Removed	Values Added
Description		Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
Weaknesses		CWE-73
References		https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf
Metrics		cvssV3_1 `{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H'}`

MITRE

Status: PUBLISHED

Assigner: Axis

Published: 2025-04-23T05:18:10.120Z

Updated: 2025-04-23T13:09:33.255Z

Reserved: 2025-02-05T07:29:10.344Z

Link: CVE-2025-1056

Vulnrichment

Updated: 2025-04-23T13:09:28.474Z

NVD

Status : Analyzed

Published: 2025-04-23T06:15:46.573

Modified: 2026-01-14T17:41:50.350

Link: CVE-2025-1056

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1056", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2025-02-05T07:29:10.344Z", "datePublished": "2025-04-23T05:18:10.120Z", "dateUpdated": "2025-04-23T13:09:33.255Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS Camera Station Pro", "vendor": "Axis Communications AB", "versions": [{"lessThan": "6.8", "status": "affected", "version": "6", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n<br>\n\n<br>"}], "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-23T05:18:47.170Z"}, "references": [{"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:09:24.348886Z", "id": "CVE-2025-1056", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:09:33.255Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1056", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:09:24.348886Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:09:28.474Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS Camera Station Pro", "versions": [{"status": "affected", "version": "6", "lessThan": "6.8", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.", "supportingMedia": [{"type": "text/html", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution.\n\n<br>\n\n<br>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-73", "description": "CWE-73: External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2025-04-23T05:18:47.170Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1056", "state": "PUBLISHED", "dateUpdated": "2025-04-23T13:09:33.255Z", "dateReserved": "2025-02-05T07:29:10.344Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2025-04-23T05:18:10.120Z", "assignerShortName": "Axis"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axis:camera_station_pro:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D02E2CB-4466-44BF-91F6-93C771252E3B", "versionEndExcluding": "6.8.43213", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha identificado un problema con un archivo espec\u00edfico que utiliza el servidor. Un usuario no administrador puede modificar este archivo para crear archivos o cambiar el contenido de los archivos en una ubicaci\u00f3n protegida por el administrador. Axis ha publicado una versi\u00f3n parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "id": "CVE-2025-1056", "lastModified": "2026-01-14T17:41:50.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "product-security@axis.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-23T06:15:46.573", "references": [{"source": "product-security@axis.com", "tags": ["Vendor Advisory"], "url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-73"}], "source": "product-security@axis.com", "type": "Secondary"}]}