Cyber Resilience

CVE-2025-11142

Severity: High · RCE

Published: 10 February 2026
Modified: 28 February 2026
KEV Added: not listed
Patch: see vendor advisory
CVSS v3.1 score: 7.1 (vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H)
EPSS score: 0.0050 (38.8th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2025-11142 is a high-severity OS Command Injection (CWE-78) vulnerability in Axis Axis Os. Its CVSS base score is 7.1 (High).

Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation of Remote Services (T1210). Its EPSS score places it at the 38.8th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-11142 is a remote code execution vulnerability in the VAPIX API's mediaclip.cgi endpoint due to insufficient input validation, classified under CWE-78 (OS Command Injection). It affects Axis devices or software exposing this API. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) and was published on 2026-02-10.

An attacker must first authenticate with an operator- or administrator-privileged service account; the flaw is then exploitable over the network with low attack complexity and no user interaction. Successful exploitation enables remote code execution. Per the CVSS vector, the impact falls primarily on availability (high), with low integrity impact and no confidentiality impact.

Axis has issued an advisory providing details on the vulnerability, available at https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf. Security practitioners should consult this document for specific mitigation steps and available patches.

Vulnerability details

The VAPIX API endpoint mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.

CWE(s)

CWE-78: OS Command Injection

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.
T1059.004 Unix Shell (Execution): Adversaries may abuse Unix shell commands and scripts for execution.
Why these techniques?

OS command injection in remote VAPIX API endpoint enables exploitation of remote services (T1210) and Unix shell execution (T1059.004) after authentication.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2024-47259 (same product: Axis Axis Os)
CVE-2025-0360 (same product: Axis Axis Os)
CVE-2025-0359 (same product: Axis Axis Os)
CVE-2025-56089 (shared CWE-78)
CVE-2026-0782 (shared CWE-78)
CVE-2025-56090 (shared CWE-78)
CVE-2025-64328 (shared CWE-78)
CVE-2025-10680 (shared CWE-78)
CVE-2025-45379 (shared CWE-78)
CVE-2025-59359 (shared CWE-78)

Affected Assets

Vendor: axis
Product: axis os
Affected versions: 12.6.54 — 12.7.36

Mitigating Controls (NIST 800-53 r5, AI-mapped)

SI-10 Information Input Validation (prevent): Directly requires validation of inputs to the mediaclip.cgi endpoint to prevent OS command injection exploitation.

SI-2 Flaw Remediation (prevent): Mandates identification, reporting, and correction of the specific input validation flaw via vendor patching.

RA-5 Vulnerability Monitoring and Scanning (prevent, detect): Provides vulnerability scanning to identify and remediate command injection flaws like CVE-2025-11142 in Axis devices.