CVE-2025-0360

{"id": "CVE-2025-0360", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "product-security@axis.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-03-04T06:15:30.180", "references": [{"url": "https://www.axis.com/dam/public/b1/fe/46/cve-2025-0360pdf-en-US-466887.pdf", "tags": ["Vendor Advisory"], "source": "product-security@axis.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "product-security@axis.com", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API."}, {"lang": "es", "value": "Durante una prueba de penetraci\u00f3n anual realizada en nombre de Axis Communication, Truesec descubri\u00f3 una falla en el marco de configuraci\u00f3n del dispositivo VAPIX que podr\u00eda generar un nivel de privilegio de usuario incorrecto en la API D-Bus de la cuenta de servicio VAPIX."}], "lastModified": "2026-01-22T20:59:43.883", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", "vulnerable": true, "matchCriteriaId": "6D92D756-A9D3-445F-B4E6-B3FC2D1FB081", "versionEndExcluding": "12.2.41", "versionStartIncluding": "11.11.0"}, {"criteria": "cpe:2.3:o:axis:axis_os_2024:*:*:*:*:lts:*:*:*", "vulnerable": true, "matchCriteriaId": "A3ACD321-ABF7-46AE-A389-E8FD76EF0C51", "versionEndExcluding": "11.11.135"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@axis.com"}