Security Vulnerability Report
CVE-2025-6779 CVSS 6.7 MEDIUM

CVE-2025-6779

Published: 2025-11-11 07:15:36
Last Modified: 2025-11-24 17:54:55

Description

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS Details

CVSS Score: 6.7
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:* (versions from 12.0.0 up to, but not including, 12.6.40) - VULNERABLE
cpe:2.3:h:axis:a1210_\(-b\):-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:axis:a1214:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:axis:a1601:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:axis:a1610_\(-b\):-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:h:axis:a1710-b:-:*:*:*:*:*:*:* - NOT VULNERABLE
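All Axis device models that support the ACAP application platform
Axis devices whose firmware version allows the installation of unsigned ACAP applications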

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-6779 PoC proof of concept (for security research only)
# Note: this code only verifies that the vulnerability exists; its use must comply with legal and ethical norms
import json


def generate_malicious_acap_manifest():
    """
    Generate a malicious ACAP application manifest file.
    This PoC shows how an attacker could construct the structure of a malicious ACAP package.
    """
    malicious_manifest = {
        'app_name': 'MaliciousACAP',
        'version': '1.0.0',
        'type': 'acquisition',
        'signature': None,  # unsigned application
        'required_capabilities': [
            'file_write',
            'system_exec',
            'config_modify'
        ],
        'description': 'Malicious ACAP for CVE-2025-6779 demonstration'
    }
    return json.dumps(malicious_manifest, indent=2)


def exploit_config_permission():
    """
    Proof of concept: shows how the improper configuration file permissions could be abused.
    A real attack requires a complete ACAP development environment and access to the device.
    """
    print('[+] CVE-2025-6779 PoC - ACAP Configuration Exploitation')
    print('[+] Target: Axis devices with ACAP enabled')
    print('[+] Prerequisite: Unsigned ACAP installation must be allowed')

    # Generate the malicious manifest
    manifest = generate_malicious_acap_manifest()
    print('\n[+] Generated malicious ACAP manifest:')
    print(manifest)

    print('\n[!] Attack requires:')
    print(' 1. Social engineering to get victim to install malicious ACAP')
    print(' 2. Target device must allow unsigned applications')
    print(' 3. Physical or network access to device')


if __name__ == '__main__':
    exploit_config_permission()
