{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-11142", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "state": "PUBLISHED", "assignerShortName": "Axis", "dateReserved": "2025-09-29T05:03:19.053Z", "datePublished": "2026-02-10T05:32:19.555Z", "dateUpdated": "2026-02-26T15:04:12.975Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "AXIS OS", "vendor": "Axis Communications AB", "versions": [{"lessThanOrEqual": "12.7.35", "status": "affected", "version": "12.6.54", "versionType": "semver"}]}], "cpeApplicability": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:axis_communications_ab:axis_os:*:*:*:*:*:*:*:*", "versionEndIncluding": "12.7.35", "versionStartIncluding": "12.6.54", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "OR"}], "credits": [{"lang": "en", "type": "finder", "value": "51l3nc3"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account."}], "value": "The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2026-02-10T05:57:23.202Z"}, "references": [{"url": "https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.5.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11142", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:18.561375Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T15:04:12.975Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-11142", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-11T04:56:18.561375Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-10T15:19:03.445Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "51l3nc3"}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Axis Communications AB", "product": "AXIS OS", "versions": [{"status": "affected", "version": "12.6.54", "versionType": "semver", "lessThanOrEqual": "12.7.35"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf"}], "x_generator": {"engine": "Vulnogram 0.5.0"}, "descriptions": [{"lang": "en", "value": "The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.", "supportingMedia": [{"type": "text/html", "value": "The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account.", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-78", "description": "CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:axis_communications_ab:axis_os:*:*:*:*:*:*:*:*", "vulnerable": true, "versionEndIncluding": "12.7.35", "versionStartIncluding": "12.6.54"}], "operator": "OR"}], "operator": "OR"}], "providerMetadata": {"orgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "shortName": "Axis", "dateUpdated": "2026-02-10T05:57:23.202Z"}}}, "cveMetadata": {"cveId": "CVE-2025-11142", "state": "PUBLISHED", "dateUpdated": "2026-02-26T15:04:12.975Z", "dateReserved": "2025-09-29T05:03:19.053Z", "assignerOrgId": "f2daf9a0-02c2-4b83-a01d-63b3b304b807", "datePublished": "2026-02-10T05:32:19.555Z", "assignerShortName": "Axis"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*", "matchCriteriaId": "11F77320-FE90-4D11-A24B-F3F5741E5387", "versionEndExcluding": "12.7.36", "versionStartIncluding": "12.6.54", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account."}, {"lang": "es", "value": "La API VAPIX mediaclip.cgi que no ten\u00eda una validaci\u00f3n de entrada suficiente permitiendo una posible ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad solo puede ser explotada despu\u00e9s de autenticarse con una cuenta de servicio con privilegios de operador o administrador."}], "id": "CVE-2025-11142", "lastModified": "2026-02-28T00:09:21.760", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.2, "source": "product-security@axis.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-02-10T06:15:52.430", "references": [{"source": "product-security@axis.com", "tags": ["Vendor Advisory"], "url": "https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf"}], "sourceIdentifier": "product-security@axis.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-78"}], "source": "product-security@axis.com", "type": "Secondary"}]}

{}

{"created": "2026-02-10T11:34:34.461230+00:00", "updated": "2026-02-10T11:34:34.461294+00:00", "vendors": ["axis_communications_ab", "axis_communications_ab$PRODUCT$axis_os"]}