CVE-2025-5454

6.4 MEDIUM

📋 TL;DR

This CVE describes a path traversal in how Axis devices process ACAP application configuration files, which could be abused for privilege escalation on the device. It only affects devices that have been configured to allow installation of unsigned ACAP applications. An attacker would need to get a device administrator to install a malicious ACAP package to exploit it.

💻 Affected Systems

Products:
  • Axis network cameras and devices with ACAP support
Versions: Specific versions are not detailed in the provided reference; check the Axis advisory for the affected and fixed AXIS OS versions on each release track
Operating Systems: Axis OS (embedded Linux-based)
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if the device has been configured to allow installation of unsigned ACAP applications, which the default configuration does not permit.

📦 What is this software?

ACAP (AXIS Camera Application Platform) is Axis's framework for installing and running third-party applications on AXIS OS devices such as network cameras. Applications are distributed as .eap packages and installed through the device's web interface or VAPIX; AXIS OS can be configured to accept only packages that carry a valid signature.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with root privileges, giving complete control over the Axis device and a foothold for lateral movement within the network.

🟠 Likely Case

Privilege escalation limited to what the malicious package can write outside its intended directory, for example tampering with restricted files or configuration data.

🟢 If Mitigated

No impact if the device only accepts signed ACAP applications or is running a patched AXIS OS version.

🌐 Internet-Facing: MEDIUM - Exploitation requires a device administrator to install the malicious ACAP, but administrators of internet-facing devices could be targeted through social engineering.
🏢 Internal Only: LOW - Requires an internal administrator to install a malicious ACAP, which is less likely in controlled environments with a change process for device applications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires social engineering to get a device administrator to install a malicious unsigned ACAP package; the path traversal is triggered when the device processes the package's configuration file during or after installation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Axis advisory for specific patched firmware versions

Vendor Advisory: https://www.axis.com/dam/public/48/ab/82/cve-2025-5454pdf-en-US-504213.pdf

Restart Required: Yes

Instructions:

1. Download the AXIS OS release that the Axis advisory lists as fixed for your device model from the Axis website.
2. Upload it to the device through the web interface's firmware upgrade page (or push it to many devices at once with AXIS Device Manager).
3. Apply the upgrade; the device reboots as part of the process.
4. After the reboot, confirm the new version (see How to Verify) and that installation of unsigned ACAPs is disabled.

🔧 Temporary Workarounds

Block Unsigned ACAP Applications

Applies to: all versions

Configure the device to only allow signed ACAP applications.

Configure via the Axis device web interface: Settings > System > Security > ACAP Application Settings (the exact menu location varies by AXIS OS version; look for the setting that allows unsigned apps and make sure it is disabled).

🧯 If You Can't Patch

  • Configure the device to block all unsigned ACAP applications
  • Only install ACAP applications obtained from Axis or a trusted developer, and review any package before installation
  • Implement network segmentation to isolate Axis devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check the ACAP (apps) settings in the device web interface; if installation of unsigned apps is enabled and the device is not running a fixed AXIS OS version, it is vulnerable

Check Version:

Check via web interface: Help > About; via VAPIX: GET /axis-cgi/param.cgi?action=list&group=Properties.Firmware.Version; or via SSH: cat /etc/version

Verify Fix Applied:

Verify firmware version matches patched version from Axis advisory and confirm unsigned ACAPs are blocked
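The following script is an added example, not part of the Axis advisory or of this page. It reads the AXIS OS version over the VAPIX param.cgi endpoint and compares it, track by track, with the fixed version you copy from the advisory. The PATCHED_PER_TRACK map below is an empty placeholder (the fixed versions are not in the reference); the sample response is constructed; and the live fetch assumes the device's TLS certificate is trusted by the host running the script.

```python
"""Added example (not from the Axis advisory or this page): query an Axis
device's AXIS OS version over VAPIX and compare it with the fixed version
from the advisory, track by track."""
import re
import sys
import urllib.request
from typing import Dict, Optional, Tuple

# Constructed sample of a param.cgi response body; the real request is
# GET /axis-cgi/param.cgi?action=list&group=Properties.Firmware.Version
SAMPLE_RESPONSE = "root.Properties.Firmware.Version=11.9.60\n"

# Placeholder map "major.minor track" -> first fixed version on that track.
# These values are NOT from the advisory; fill them in from the Axis PDF.
PATCHED_PER_TRACK: Dict[str, str] = {
    # "11.11": "11.11.x",
}


def parse_firmware_version(body: str) -> Optional[str]:
    """Pull the version string out of a param.cgi response; None if absent."""
    m = re.search(r"^root\.Properties\.Firmware\.Version=(\S+)", body, re.M)
    return m.group(1) if m else None


def version_tuple(v: str) -> Tuple[int, ...]:
    """'11.11.100' -> (11, 11, 100) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def is_patched(installed: str, patched_per_track: Dict[str, str]) -> bool:
    """True only if the device is on a track with a known fix and at or above it.

    Axis ships fixes separately on each supported track (LTS and active), so a
    device on a track not listed in the map is reported as unverified (False).
    """
    inst = version_tuple(installed)
    track = ".".join(str(x) for x in inst[:2])
    fixed = patched_per_track.get(track)
    return fixed is not None and inst >= version_tuple(fixed)


def fetch_version(host: str, user: str, password: str, scheme: str = "https") -> Optional[str]:
    """Fetch the firmware version from a live device (Digest auth, as Axis uses by default).

    Assumes the device certificate is trusted by this host; use scheme="http" on an
    isolated management network if it is not.
    """
    url = f"{scheme}://{host}/axis-cgi/param.cgi?action=list&group=Properties.Firmware.Version"
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(urllib.request.HTTPDigestAuthHandler(mgr))
    with opener.open(url, timeout=10) as resp:
        return parse_firmware_version(resp.read().decode("utf-8", "replace"))


if __name__ == "__main__":
    # Usage: python check_axis_version.py <host> <user> <password>
    if len(sys.argv) != 4:
        sys.exit("usage: check_axis_version.py <host> <user> <password>")
    version = fetch_version(*sys.argv[1:4])
    if version is None:
        sys.exit("could not read Properties.Firmware.Version")
    state = "patched" if is_patched(version, PATCHED_PER_TRACK) else "NOT verified patched"
    print(f"{sys.argv[1]}: AXIS OS {version} -> {state}")
```

The per-track comparison matters because a device on an older LTS track can be fully patched while having a lower version number than an unpatched device on the active track; a plain string or single-threshold comparison gets that wrong.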

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized or unplanned ACAP installation attempts, especially of unsigned packages
  • Path traversal patterns (for example ".." segments or absolute paths) in the configuration files of uploaded ACAP packages
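Because the traversal lives in the package itself, the most useful check is to inspect an ACAP package before an administrator installs it, which also covers the "If You Can't Patch" and "Check if Vulnerable" advice above. The scanner below is an added example written for this page, not an Axis tool and not derived from the advisory. It assumes a .eap is a gzip-compressed tar archive with a top-level manifest.json (the ACAP SDK 4 layout) and flags archive member names that would land outside the install directory as well as manifest string values containing a ".." segment. The sample package it builds is constructed for the demonstration.

```python
"""Added example (not an Axis tool and not from the advisory): inspect an ACAP
package before installing it for the kind of path traversal this CVE is about.
Assumes a .eap is a gzip-compressed tar archive with a top-level manifest.json
(ACAP SDK 4 layout); the sample package built below is constructed for the demo."""
import io
import json
import posixpath
import sys
import tarfile
from typing import Any, Iterator, List


def is_traversal(path: str) -> bool:
    """True if an archive member path is absolute or climbs above the extraction root."""
    if not path:
        return False
    p = path.replace("\\", "/")
    if p.startswith("/"):
        return True
    norm = posixpath.normpath(p)
    return norm == ".." or norm.startswith("../")


def has_dotdot_segment(value: str) -> bool:
    """True if a manifest string contains a '..' path segment (e.g. '../../etc/passwd').

    Absolute paths are not flagged here because some manifest fields legitimately hold them.
    """
    return ".." in value.replace("\\", "/").split("/")


def walk_strings(obj: Any) -> Iterator[str]:
    """Yield every string value anywhere inside a parsed JSON document."""
    if isinstance(obj, str):
        yield obj
    elif isinstance(obj, dict):
        for v in obj.values():
            yield from walk_strings(v)
    elif isinstance(obj, list):
        for v in obj:
            yield from walk_strings(v)


def scan_eap(data: bytes) -> List[str]:
    """Return findings for one package; an empty list means nothing suspicious."""
    findings: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for member in tar.getmembers():
            if is_traversal(member.name):
                findings.append(f"member path escapes package root: {member.name!r}")
            if (member.issym() or member.islnk()) and is_traversal(member.linkname):
                findings.append(f"link target escapes package root: {member.name!r} -> {member.linkname!r}")
            if posixpath.normpath(member.name) == "manifest.json" and member.isfile():
                raw = tar.extractfile(member).read()
                try:
                    manifest = json.loads(raw)
                except ValueError:
                    findings.append("manifest.json is not valid JSON")
                    continue
                for s in walk_strings(manifest):
                    if has_dotdot_segment(s):
                        findings.append(f"manifest value contains '..' segment: {s!r}")
    return findings


def build_sample_eap(malicious: bool) -> bytes:
    """Constructed demo package (not a real ACAP build) for exercising scan_eap."""
    manifest = {
        "schemaVersion": "1.3",
        "acapPackageConf": {
            "setup": {"appName": "demo", "friendlyName": "Demo", "version": "1.0.0", "runMode": "never"}
        },
    }
    if malicious:
        manifest["acapPackageConf"]["setup"]["appName"] = "../../../usr/bin/demo"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        def add(name: str, content: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
        add("manifest.json", json.dumps(manifest).encode())
        add("demo", b"#!/bin/sh\necho demo\n")
        if malicious:
            # Member name that would land outside the install directory if extracted naively.
            add("../../etc/cron.d/demo", b"* * * * * root /tmp/demo\n")
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python scan_eap.py package.eap   (no argument: scan the constructed malicious sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            results = scan_eap(f.read())
    else:
        results = scan_eap(build_sample_eap(malicious=True))
    print("\n".join(results) if results else "no findings")
```

Run it against any unsigned package before approving its installation; a clean result does not prove the package is safe, but a finding is a hard stop, and the same checks can be applied to packages collected from the device's web interface upload traffic.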

Network Indicators:

  • Unexpected ACAP package downloads to Axis devices

SIEM Query:

source="axis_device" AND (event="acap_install" OR event="config_modification")

This is a pseudo-query; map the field names to the way your collector ingests the device's system log (Axis devices can forward it to a remote syslog server), and alert on any application installation that was not part of a planned change.

🔗 References

  • Axis Communications security advisory for CVE-2025-5454: https://www.axis.com/dam/public/48/ab/82/cve-2025-5454pdf-en-US-504213.pdf