CVE-2025-1056

{"id": "CVE-2025-1056", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.2, "exploitabilityScore": 1.8}]}, "published": "2025-04-23T06:15:46.573", "references": [{"url": "https://www.axis.com/dam/public/e4/2e/b2/cve-2025-1056pdf-en-US-479106.pdf", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-73"}]}], "descriptions": [{"lang": "en", "value": "Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location.\nAxis has released a patched version for the highlighted flaw. Please \nrefer to the Axis security advisory for more information and solution."}, {"lang": "es", "value": "Gee-netics, miembro del programa de recompensas por errores de AXIS Camera Station Pro, ha identificado un problema con un archivo espec\u00edfico que utiliza el servidor. Un usuario no administrador puede modificar este archivo para crear archivos o cambiar el contenido de los archivos en una ubicaci\u00f3n protegida por el administrador. Axis ha publicado una versi\u00f3n parcheada para la falla detectada. Consulte el aviso de seguridad de Axis para obtener m\u00e1s informaci\u00f3n y soluciones."}], "lastModified": "2025-04-23T14:08:13.383", "sourceIdentifier": "[email protected]"}