CVE-2025-0325: A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the...

4.3 CVSS

Description

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.

Classification

CVE ID: CVE-2025-0325

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.3

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Problem Types

CWE-1287: Improper Validation of Specified Type of Input CWE-628: Function Call with Incorrectly Specified Arguments

Affected Products

Vendor: Axis Communications AB

Product: AXIS OS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.06% (probability of being exploited)

EPSS Percentile: 17.24% (scored less or equal to compared to others)

EPSS Date: 2025-06-08 (when was this score calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-0325
https://www.axis.com/dam/public/d0/ae/fe/cve-2025-0325pdf-en-US-483808.pdf

Timeline

2025-06-02 08:40:19 UTC
CVE

A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the...