CVE-2025-0359

moderate-risk

Published 2025-03-04

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the ACAP Application framework that allowed applications to access restricted D-Bus methods within the framework. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.5/10 High

LOCAL / LOW complexity

Affected Products (2)

Axis Os

Axis Os 2024

Affected Vendors

Axis

References (1)

Vendor Advisory https://www.axis.com/dam/public/68/08/c5/cve-2025-0359pdf-en-US-466885.pdf

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 0/34 · Minimal

Exposure 7/34 · Low