Cyber Posture

CVE-2025-11547

High

Published: 10 February 2026

Modified: 17 February 2026
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (0.6th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-11547 is a high-severity Insertion of Sensitive Information into Log File (CWE-532) vulnerability in Axis Camera Station Pro. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 0.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Privilege Escalation (T1068).
What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly remediates the privilege escalation flaw in AXIS Camera Station Pro by establishing processes to identify, prioritize, test, and apply vendor-provided patches or updates.

prevent

Enforces least privilege for non-admin users on the server, limiting the potential impact and success of privilege escalation exploits.

prevent

Requires the system to enforce approved access authorizations, preventing non-admin users from elevating privileges through the identified vulnerability.

MITRE ATT&CK Enterprise Techniques (AI)

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

Local privilege escalation vulnerability directly matches Exploitation for Privilege Escalation (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user.

Deeper analysis (AI)

CVE-2025-11547 is a privilege escalation vulnerability in AXIS Camera Station Pro, enabling a non-admin user to elevate privileges on the server. Published on 2026-02-10, the flaw is rated with a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and maps to CWE-532.

A local attacker with low privileges, such as a non-admin user with access to the server, can exploit this vulnerability with low attack complexity and no user interaction. Successful exploitation results in high impacts to confidentiality, integrity, and availability, potentially allowing the attacker to gain full control over the AXIS Camera Station Pro server.

Mitigation details are provided in the Axis security advisory available at https://www.axis.com/dam/public/permalink/253485/cve-2025-11547pdf-en-US_253485.pdf?noS3=1.

Details

CWE(s)

Affected Products

axis · camera station pro · ≤ 6.13.55835

CVEs Like This One

CVE-2025-0359 · Same vendor: Axis
CVE-2025-0360 · Same vendor: Axis
CVE-2025-30023 · Same product: Axis Camera Station Pro
CVE-2025-20231 · Shared CWE-532
CVE-2024-47259 · Same vendor: Axis
CVE-2025-11142 · Same vendor: Axis
CVE-2025-48635 · Shared CWE-532
CVE-2026-24308 · Shared CWE-532
CVE-2024-7577 · Shared CWE-532
CVE-2025-1075 · Shared CWE-532
