Axis Security Vulnerabilities (CVEs)

Track 34 security vulnerabilities affecting Axis products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

4 Critical

14 High

16 Medium

Sort by:

🔔 Get Alerts for Axis

CVE-2025-12063 5.7

This CVE describes an insecure direct object reference vulnerability where non-admin users can modify or delete data objects they shouldn't have acces...

Feb 10, 2026

CVE-2025-12757 4.6

CVE-2025-12757 is an information disclosure vulnerability in AXIS Camera Station Pro where non-admin users can access restricted information. This aff...

Feb 10, 2026

CVE-2025-13064 4.5

This CVE describes a server-side injection vulnerability where a malicious administrator with a tampered client can inject and execute malicious scrip...

Feb 10, 2026

CVE-2025-11547 7.8

CVE-2025-11547 is a privilege escalation vulnerability in AXIS Camera Station Pro that allows authenticated non-admin users to gain administrative pri...

Feb 10, 2026

CVE-2025-11142 7.1

CVE-2025-11142 is an OS command injection vulnerability in Axis camera VAPIX API's mediaclip.cgi endpoint that allows authenticated attackers with ope...

Feb 10, 2026

CVE-2025-8108 6.7

This CVE describes a privilege escalation vulnerability in Axis devices where improper permissions and lack of input validation in ACAP configuration ...

Nov 11, 2025

CVE-2025-5718 6.8

This CVE describes a privilege escalation vulnerability in the ACAP Application framework through symlink attacks. It affects Axis devices configured ...

Nov 11, 2025

CVE-2025-6298 6.7

This CVE describes a privilege escalation vulnerability in Axis ACAP applications where improper input validation allows malicious applications to gai...

Nov 11, 2025

CVE-2025-6779 6.7

CVE-2025-6779 is an improper permissions vulnerability in ACAP configuration files on Axis devices that could allow command injection and privilege es...

Nov 11, 2025

CVE-2025-5454 6.4

This CVE describes a path traversal vulnerability in Axis ACAP configuration files that could allow privilege escalation. It affects Axis devices conf...

Nov 11, 2025

CVE-2025-5452 6.6

This vulnerability allows malicious ACAP applications to steal admin-level service account credentials from legitimate ACAP applications on Axis devic...

Nov 11, 2025

CVE-2025-3892 6.7

CVE-2025-3892 is a privilege escalation vulnerability in Axis devices that allows ACAP applications to execute with elevated privileges. This affects ...

Aug 12, 2025

CVE-2025-30027 6.7

This CVE describes an ACAP configuration file vulnerability in Axis devices that lacks sufficient input validation, potentially allowing arbitrary cod...

Aug 12, 2025

CVE-2025-7622 5.7

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability that allows authenticated attackers to make the server send requests to internal...

Aug 12, 2025

CVE-2025-30023 9.0

This vulnerability allows authenticated users to execute arbitrary code remotely on affected systems by exploiting a flaw in the client-server communi...

Jul 11, 2025

CVE-2025-30025 7.8

This vulnerability allows a local attacker to escalate privileges by exploiting a flaw in the communication protocol between server processes and serv...

Jul 11, 2025

CVE-2025-30026 9.8

CVE-2025-30026 is an authentication bypass vulnerability in AXIS Camera Station Server that allows attackers to access the system without valid creden...

Jul 11, 2025

CVE-2025-0324 9.4

CVE-2025-0324 is a privilege escalation vulnerability in Axis VAPIX Device Configuration framework that allows authenticated low-privileged users to g...

Jun 2, 2025

CVE-2025-0358 8.8

This vulnerability in Axis Communications' VAPIX Device Configuration framework allows lower-privileged users to escalate their privileges to administ...

Jun 2, 2025

CVE-2025-0926 5.9

A non-admin user can delete critical system files by exploiting a file deletion redirection vulnerability during video recording in Axis Camera Statio...

Apr 23, 2025

CVE-2024-47261 4.3

This vulnerability allows attackers to upload files via the VAPIX API uploadoverlayimage.cgi endpoint in Axis devices, potentially blocking access to ...

Apr 8, 2025

CVE-2025-0359 8.5

This vulnerability in Axis Communication's ACAP Application framework allows applications to bypass D-Bus method restrictions, potentially enabling un...

Mar 4, 2025

CVE-2024-7696 6.3

This vulnerability allows authenticated attackers to tamper with audit logs or perform denial-of-service attacks on AXIS Camera Station servers by cra...

Jan 7, 2025

CVE-2024-6979 6.8

CVE-2024-6979 is a broken access control vulnerability in AXIS OS that allows less-privileged operator or viewer accounts to gain elevated privileges ...

Sep 10, 2024

CVE-2023-5553 7.6

This vulnerability allows attackers to bypass Secure Boot protection on AXIS OS devices, potentially enabling unauthorized firmware modifications or p...

Nov 21, 2023

CVE-2023-21417 7.1

This CVE describes a path traversal vulnerability in Axis camera systems' VAPIX API manageoverlayimage.cgi endpoint that allows authenticated users wi...

Nov 21, 2023

CVE-2023-21414 7.1

This vulnerability allows attackers to bypass Secure Boot protection on Axis devices, potentially enabling unauthorized firmware modifications or pers...

Oct 16, 2023

CVE-2023-21411 7.2

CVE-2023-21411 is an OS command injection vulnerability in Axis camera access control settings that allows authenticated attackers to execute arbitrar...

Aug 3, 2023

CVE-2023-21407 8.8

CVE-2023-21407 is a broken access control vulnerability in Axis Communications products that allows operator accounts to escalate privileges to admini...

Aug 3, 2023

CVE-2023-21409 8.4

This vulnerability allows unprivileged users to access administrator credentials due to insufficient file permissions. Attackers could use these crede...

Aug 3, 2023

CVE-2023-21406 7.1

A heap-based buffer overflow vulnerability in AXIS A1001's OSDP communication handler allows attackers to write data beyond allocated memory boundarie...

Jul 25, 2023

CVE-2017-20049 9.8

This vulnerability in legacy Axis devices allows remote attackers to bypass privilege management through manipulation of CGI scripts. It affects speci...

Jun 15, 2022

CVE-2022-23410 7.8

CVE-2022-23410 is a DLL hijacking vulnerability in AXIS IP Utility that allows attackers to execute arbitrary code with elevated privileges. It affect...

Feb 14, 2022

CVE-2021-31987 7.5

CVE-2021-31987 is an input validation vulnerability in Axis Communications products that allows attackers to bypass blocked SMTP recipients. This affe...

Oct 5, 2021

Why Monitor Axis Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 34+ known vulnerabilities affecting Axis products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Axis packages in under 60 seconds. No agents required - completely agentless scanning that works across Axis deployments.

Free vulnerability database: Access detailed information about every Axis CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

Register free account & add your servers
Run one-time scan or schedule automatic monitoring (every 1-24 hours)
Receive instant alerts when new Axis CVEs affect your systems
Access dashboard with severity breakdown & fix instructions

Start Monitoring Axis CVEs Free