VYPR

VAPIX Device Configuration framework

by Axis

CVEs (2)

  • CVE-2025-0358Jun 2, 2025
    risk 0.00cvss epss 0.00

    During an annual penetration test conducted on behalf of Axis Communication, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed a privilege escalation, enabling a lower-privileged user to gain administrator privileges.

  • CVE-2025-0361Apr 8, 2025
    risk 0.00cvss epss 0.00

    During an annual penetration test conducted on behalf of Axis Communications, Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API.