Vulnerability-Lookup

VAR-202505-2044

Vulnerability from variot - Updated: 2025-10-15 23:52

A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 is capable of addressing this issue. It is recommended to upgrade the affected component. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.". FLIR Systems, Inc. of flir ax8 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202505-2044",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ax8",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "flir",
        "version": "1.46.16"
      },
      {
        "model": "ax8",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "flir",
        "version": "1.46.0"
      },
      {
        "model": "ax8",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "flir",
        "version": "flir ax8  firmware  1.46.0  to  1.46.16"
      },
      {
        "model": "ax8",
        "scope": null,
        "trust": 0.8,
        "vendor": "flir",
        "version": null
      },
      {
        "model": "ax8",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "flir",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "cve": "CVE-2025-5127",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "cna@vuldb.com",
            "availabilityImpact": "NONE",
            "baseScore": 4.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2025-5127",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "Single",
            "author": "OTHER",
            "availabilityImpact": "None",
            "baseScore": 4.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2025-007110",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "cna@vuldb.com",
            "availabilityImpact": "NONE",
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.1,
            "id": "CVE-2025-5127",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.3,
            "id": "CVE-2025-5127",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.4,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2025-007110",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "Low",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "cna@vuldb.com",
            "id": "CVE-2025-5127",
            "trust": 1.0,
            "value": "Low"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2025-5127",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "OTHER",
            "id": "JVNDB-2025-007110",
            "trust": 0.8,
            "value": "Medium"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 is capable of addressing this issue. It is recommended to upgrade the affected component. The vendor points out: \"FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.\". FLIR Systems, Inc. of flir ax8 Firmware has a cross-site scripting vulnerability.Information may be obtained and information may be tampered with",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      }
    ],
    "trust": 1.62
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2025-5127",
        "trust": 2.6
      },
      {
        "db": "VULDB",
        "id": "310205",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "id": "VAR-202505-2044",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 1.0
  },
  "last_update_date": "2025-10-15T23:52:02.380000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-94",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-79",
        "trust": 1.0
      },
      {
        "problemtype": "Cross-site scripting (CWE-79) [NVD evaluation ]",
        "trust": 0.8
      },
      {
        "problemtype": " Cross-site scripting (CWE-79) [ others ]",
        "trust": 0.8
      },
      {
        "problemtype": " Code injection (CWE-94) [ others ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://github.com/yzs17/cve/blob/main/xss%20vulnerability%20in%20flir%20ax8.md"
      },
      {
        "trust": 1.8,
        "url": "https://vuldb.com/?id.310205"
      },
      {
        "trust": 1.8,
        "url": "https://vuldb.com/?submit.572265"
      },
      {
        "trust": 1.0,
        "url": "https://vuldb.com/?ctiid.310205"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2025-5127"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "date": "2025-05-24T16:15:23.843000",
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2025-06-17T02:59:00",
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      },
      {
        "date": "2025-10-15T14:15:55.610000",
        "db": "NVD",
        "id": "CVE-2025-5127"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FLIR\u00a0Systems,\u00a0Inc.\u00a0 of \u00a0flir\u00a0ax8\u00a0 Cross-site scripting vulnerability in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2025-007110"
      }
    ],
    "trust": 0.8
  }
}

CVE-2025-5127 (GCVE-0-2025-5127)

Vulnerability from cvelistv5 – Published: 2025-05-24 15:31 – Updated: 2025-10-15 13:18

Title

Teledyne FLIR AX8 prod.php cross site scripting

Summary

Severity ?

5.1 (Medium)


                        
                          CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P

3.5 (Low)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

3.5 (Low)


                        
                          CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C

CWE

CWE-79 - Cross Site Scripting
CWE-94 - Code Injection

Assigner

VulDB

References

URL

Tags

	https://vuldb.com/?id.310205	vdb-entrytechnical-description
	https://vuldb.com/?ctiid.310205	signaturepermissions-required
	https://vuldb.com/?submit.572265	third-party-advisory
	https://github.com/YZS17/CVE/blob/main/XSS%20vuln…	broken-linkexploit

Impacted products

	Vendor	Product	Version
	Teledyne FLIR	AX8	Affected: 1.46.0 Affected: 1.46.1 Affected: 1.46.2 Affected: 1.46.3 Affected: 1.46.4 Affected: 1.46.5 Affected: 1.46.6 Affected: 1.46.7 Affected: 1.46.8 Affected: 1.46.9 Affected: 1.46.10 Affected: 1.46.11 Affected: 1.46.12 Affected: 1.46.13 Affected: 1.46.14 Affected: 1.46.15 Affected: 1.46.16 Unaffected: 1.49.16

Credits

XU17 (VulDB User)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-5127",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-05-27T14:23:24.595849Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-28T17:40:21.667Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/YZS17/CVE/blob/main/XSS%20vulnerability%20in%20FLIR%20AX8.md"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "AX8",
          "vendor": "Teledyne FLIR",
          "versions": [
            {
              "status": "affected",
              "version": "1.46.0"
            },
            {
              "status": "affected",
              "version": "1.46.1"
            },
            {
              "status": "affected",
              "version": "1.46.2"
            },
            {
              "status": "affected",
              "version": "1.46.3"
            },
            {
              "status": "affected",
              "version": "1.46.4"
            },
            {
              "status": "affected",
              "version": "1.46.5"
            },
            {
              "status": "affected",
              "version": "1.46.6"
            },
            {
              "status": "affected",
              "version": "1.46.7"
            },
            {
              "status": "affected",
              "version": "1.46.8"
            },
            {
              "status": "affected",
              "version": "1.46.9"
            },
            {
              "status": "affected",
              "version": "1.46.10"
            },
            {
              "status": "affected",
              "version": "1.46.11"
            },
            {
              "status": "affected",
              "version": "1.46.12"
            },
            {
              "status": "affected",
              "version": "1.46.13"
            },
            {
              "status": "affected",
              "version": "1.46.14"
            },
            {
              "status": "affected",
              "version": "1.46.15"
            },
            {
              "status": "affected",
              "version": "1.46.16"
            },
            {
              "status": "unaffected",
              "version": "1.49.16"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "XU17 (VulDB User)"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was determined in Teledyne FLIR AX8 up to 1.46.16. This issue affects some unknown processing of the file /prod.php. Executing manipulation of the argument cmd can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 1.49.16 is capable of addressing this issue. It is recommended to upgrade the affected component. The vendor points out: \"FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities.\""
        },
        {
          "lang": "de",
          "value": "Es wurde eine Schwachstelle in Teledyne FLIR AX8 up to 1.46.16 entdeckt. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Datei /prod.php. Durch das Manipulieren des Arguments cmd mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Mit einem Upgrade auf Version 1.49.16 l\u00e4sst sich dieses Problem beheben. Als bestm\u00f6gliche Massnahme wird das Einspielen eines Upgrades empfohlen."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "baseScore": 5.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
            "version": "4.0"
          }
        },
        {
          "cvssV3_1": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.1"
          }
        },
        {
          "cvssV3_0": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C",
            "version": "3.0"
          }
        },
        {
          "cvssV2_0": {
            "baseScore": 4,
            "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C",
            "version": "2.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "Cross Site Scripting",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-15T13:18:44.998Z",
        "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "shortName": "VulDB"
      },
      "references": [
        {
          "name": "VDB-310205 | Teledyne FLIR AX8 prod.php cross site scripting",
          "tags": [
            "vdb-entry",
            "technical-description"
          ],
          "url": "https://vuldb.com/?id.310205"
        },
        {
          "name": "VDB-310205 | CTI Indicators (IOB, IOC, TTP, IOA)",
          "tags": [
            "signature",
            "permissions-required"
          ],
          "url": "https://vuldb.com/?ctiid.310205"
        },
        {
          "name": "Submit #572265 | FLIR AX8 \u003c= 1.46 XSS",
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://vuldb.com/?submit.572265"
        },
        {
          "tags": [
            "broken-link",
            "exploit"
          ],
          "url": "https://github.com/YZS17/CVE/blob/main/XSS%20vulnerability%20in%20FLIR%20AX8.md"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2025-05-23T00:00:00.000Z",
          "value": "Advisory disclosed"
        },
        {
          "lang": "en",
          "time": "2025-05-23T02:00:00.000Z",
          "value": "VulDB entry created"
        },
        {
          "lang": "en",
          "time": "2025-10-15T15:23:25.000Z",
          "value": "VulDB entry last update"
        }
      ],
      "title": "Teledyne FLIR AX8 prod.php cross site scripting"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
    "assignerShortName": "VulDB",
    "cveId": "CVE-2025-5127",
    "datePublished": "2025-05-24T15:31:04.412Z",
    "dateReserved": "2025-05-23T18:09:27.021Z",
    "dateUpdated": "2025-10-15T13:18:44.998Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202505-2044

CVE-2025-5127 (GCVE-0-2025-5127)

Tags

Sightings

Nomenclature