← Back

CVE-2025-7622

nvd nist
Published: Aug 12, 2025Modified: Jan 13, 2026

JSON object

Loading...
5.1
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less
Source: product-security@axis.com (Secondary)

Description

During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.

Affected (2)

Axis
2 products
Camera Station
Camera Station Pro
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Camera Station
From 5.32.244 to 5.59.49607
Camera Station Pro
From 6.0.25729 to 6.10.49500

Related CWEs

CWE-918
Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

References (1)

Source: product-security@axis.com
Vendor Advisory

Timeline

No history available yet.