CVE-2025-1056

CVSS v3 Score
6.1
Medium

Vulnerability Description

Gee-netics, a member of the AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server uses. A non-admin user can modify this file to either create files or change the content of files in an admin-protected location. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and the solution.

CVSS: 6.1 (Medium)

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured b...

CWE-73 2025
CVSS: 6.0 (Medium)

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The att...

CWE-73 2021
CVSS: 6.0 (Medium)

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. T...

CWE-73 2023
CVSS: 6.2 (Medium)

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

CWE-73 2025
CVSS: 5.9 (Medium)

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingr...

CWE-73 2020
CVSS: 5.9 (Medium)

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible f...

CWE-73 2025