CVE-2025-11142

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-11142
The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.

7.1 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
History

28 Feb 2026, 00:09

Type Values Removed Values Added
CPE cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*
First Time Axis axis Os
Axis
References () https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf - () https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf - Vendor Advisory
Summary
  • (es) La API VAPIX mediaclip.cgi que no tenía una validación de entrada suficiente permitiendo una posible ejecución remota de código. Esta vulnerabilidad solo puede ser explotada después de autenticarse con una cuenta de servicio con privilegios de operador o administrador.

10 Feb 2026, 06:15

Type Values Removed Values Added
New CVE
Information

Published : 2026-02-10 06:15

Updated : 2026-02-28 00:09

NVD link : CVE-2025-11142

Mitre link : CVE-2025-11142

CVE.ORG link : CVE-2025-11142

JSON object : View

Products Affected

axis

  • axis_os
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')