Cyber Posture

CVE-2025-11142

Severity: High · Type: RCE

Published: 10 February 2026

Modified: 28 February 2026
KEV Added: not listed
Patch: not listed
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
EPSS Score: 0.0012 (30.5th percentile)
Risk Priority: 14 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-11142 is a high-severity OS Command Injection (CWE-78) vulnerability in Axis OS (vendor: Axis). Its CVSS v3.1 base score is 7.1 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation of Remote Services (T1210). Its EPSS score places it at the 30.5th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation of Remote Services (T1210) and one other technique, Unix Shell (T1059.004). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI-generated)

Prevent (SI-10, Information Input Validation): directly requires validation of inputs to the mediaclip.cgi endpoint to prevent OS command injection exploitation.

Prevent: mandates identification, reporting, and correction of the specific input validation flaw via vendor patching.

Prevent / Detect (RA-5, Vulnerability Monitoring and Scanning): provides vulnerability scanning to identify and remediate command injection flaws like CVE-2025-11142 in Axis devices.

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1210 Exploitation of Remote Services (Lateral Movement): adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell (Execution): adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in the remotely reachable VAPIX API endpoint enables exploitation of remote services (T1210) and, once the injected command runs, Unix shell execution (T1059.004); both require prior authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.

Deeper analysis (AI-generated)

CVE-2025-11142 is a remote code execution vulnerability in the VAPIX API's mediaclip.cgi endpoint due to insufficient input validation, classified under CWE-78 (OS Command Injection). It affects Axis devices or software exposing this API. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) and was published on 2026-02-10.

An attacker must first authenticate with an operator- or administrator-privileged service account; from there the flaw is exploitable over the network with low attack complexity and no user interaction. Successful exploitation enables remote code execution, with a high impact on availability, a low impact on integrity, and no confidentiality loss per the CVSS vector.

Axis has issued an advisory providing details on the vulnerability, available at https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf. Security practitioners should consult this document for specific mitigation steps and available patches.

Details

CWE(s): CWE-78 (OS Command Injection)

Affected Products

Vendor: Axis
Product: Axis OS
Versions: 12.6.54 to 12.7.36

CVEs Like This One

CVE-2024-47259 (same product: Axis OS)
CVE-2025-0359 (same product: Axis OS)
CVE-2025-0360 (same product: Axis OS)
CVE-2026-28287 (shared CWE-78)
CVE-2025-56089 (shared CWE-78)
CVE-2025-47900 (shared CWE-78)
CVE-2025-56084 (shared CWE-78)
CVE-2025-56090 (shared CWE-78)
CVE-2025-10680 (shared CWE-78)
CVE-2025-60965 (shared CWE-78)