CVE-2025-13064

Published: Feb 10, 2026Modified: Feb 17, 2026

4.5

Vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 0.9 / Impact: 3.6

Source: product-security@axis.com (Secondary)

Description

A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This attack is only possible if the admin uses a client that have been tampered with.

Affected (1)

Products: Axis: Camera Station Pro

Axis

1 product

Camera Station Pro

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axis Camera Station Pro	Before 6.14.10768

Related CWEs

CWE-248

Uncaught Exception

An exception is thrown from a function, but it is not caught.

References (1)

https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pdf-en-US-519290.pdf

Source: product-security@axis.com

Vendor Advisory

Timeline

No history available yet.