CVE-2025-0360

moderate-risk

Published 2025-03-04

During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that could lead to an incorrect user privilege level in the VAPIX service account D-Bus API.

Do I need to act?

0.20% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (2)

Axis Os

Axis Os 2024

Affected Vendors

Axis

References (1)

Vendor Advisory https://www.axis.com/dam/public/b1/fe/46/cve-2025-0360pdf-en-US-466887.pdf

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 1/34 · Minimal

Exposure 7/34 · Low