彙總 axis_communications_ab 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 檔案包含與輸入驗證問題,在 軟體部署與生產負載 使用場景中可能帶來 異常行為、檔案覆寫與未授權存取 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-9524 | The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account. | [email protected] | 4.3 | 0.22% | 2025-11-11 | 2026-06-17 |
| CVE-2025-9055 | The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account. | [email protected] | 6.4 | 0.10% | 2025-11-11 | 2026-06-17 |
| CVE-2025-8998 | It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. | [email protected] | 3.1 | 0.20% | 2025-11-11 | 2026-06-17 |
| CVE-2025-10714 | AXIS Optimizer was vulnerable to an unquoted search path vulnerability, which could potentially lead to privilege escalation within Microsoft Windows operating system. This vulnerability can only be exploited if the attacker has access to the local Windows machine and sufficient access rights (administrator) to write data into the installation path of AXIS Optimizer. | [email protected] | 8.4 | 0.10% | 2025-11-11 | 2026-06-17 |
| CVE-2025-6571 | A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it. | [email protected] | 6.0 | 0.09% | 2025-11-11 | 2026-06-17 |