CVE-2025-0325

Published Jun 2, 2025

Last updated a month ago

CVSS medium 4.3

Overview

Description
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.
Source
product-security@axis.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.3
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Severity
MEDIUM

Weaknesses

product-security@axis.com
CWE-628

Social media

Hype score
Not currently trending

  1. CVE-2025-0325 A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration… https://t.co/Nvx7HFdrPl

    @CVEnew

    2 Jun 2025

    431 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.