CVE-2025-11142
Published: 10 February 2026
Description
The VAPIX API mediaclip.cgi did not have sufficient input validation, allowing for possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account.
Mitigating Controls (NIST 800-53 r5)
Directly requires validation of inputs to the mediaclip.cgi endpoint to prevent OS command injection exploitation.
Mandates identification, reporting, and correction of the specific input validation flaw via vendor patching.
Provides vulnerability scanning to identify and remediate command injection flaws like CVE-2025-11142 in Axis devices.
Security Summary
CVE-2025-11142 is a remote code execution vulnerability in the VAPIX API's mediaclip.cgi endpoint due to insufficient input validation, classified under CWE-78 (OS Command Injection). It affects Axis devices or software exposing this API. The vulnerability received a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H) and was published on 2026-02-10.
An attacker must first authenticate with an operator- or administrator-privileged service account to exploit the flaw over the network with low complexity and no user interaction required. Successful exploitation enables remote code execution, primarily impacting availability with high severity while causing low integrity disruption and no confidentiality loss.
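The pattern behind a CWE-78 finding like this one is a CGI handler that splices a request parameter into a shell command string, beside the hardened form that allowlists the value and never invokes a shell. The block below is an added illustration, not Axis code and not the actual mediaclip.cgi interface: the parameter name `clip`, the storage directory, and the ffmpeg helper are assumptions made for the example.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Illustrative names only: the real mediaclip.cgi parameters, storage path and
# helper binary are not described on this page and are assumed here.
CLIP_DIR = "/var/spool/clips"
# Allowlist: one short token of letters, digits, '_' and '-'. Anything else,
# including '/', '.', ';', '$', '`' and whitespace, is rejected outright.
CLIP_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")


def clip_param(query_string: str) -> str:
    """Return the URL-decoded 'clip' query parameter, or '' if absent/blank."""
    return parse_qs(query_string).get("clip", [""])[0]


def vulnerable_command(query_string: str) -> str:
    """CWE-78 pattern: the untrusted parameter is spliced into a shell string.

    A request such as clip=intro%3Bid%3B%23 becomes
    'ffmpeg -i /var/spool/clips/intro;id;#.mp4 -f mp3 -', which a shell
    runs as ffmpeg, then id, then a comment."""
    clip = clip_param(query_string)                       # never validated
    return f"ffmpeg -i {CLIP_DIR}/{clip}.mp4 -f mp3 -"   # intended for shell=True


def hardened_argv(query_string: str) -> list[str]:
    """Validate against the allowlist, then build an argv list (no shell)."""
    clip = clip_param(query_string)
    if not CLIP_NAME_RE.fullmatch(clip):
        raise ValueError(f"rejected clip name: {clip!r}")
    # With shell=False each element reaches the program verbatim, so even a
    # metacharacter that slipped past the allowlist could not start a command.
    return ["ffmpeg", "-i", f"{CLIP_DIR}/{clip}.mp4", "-f", "mp3", "-"]


def handle_request(query_string: str, runner=subprocess.run):
    """Hardened handler. 'runner' is injectable so the flow can be exercised
    without ffmpeg installed (a stub can be passed in place of subprocess.run)."""
    argv = hardened_argv(query_string)
    return runner(argv, shell=False, check=True, capture_output=True)


if __name__ == "__main__":
    print(vulnerable_command("clip=intro%3Bid%3B%23"))
    for q in ("clip=intro", "clip=intro%3Bid%3B%23",
              "clip=..%2F..%2Fetc%2Fpasswd", "clip=%24(id)"):
        try:
            print(q, "->", hardened_argv(q))
        except ValueError as exc:
            print(q, "->", exc)
```

Two things matter in the hardened version, and both are needed: the allowlist rejects anything outside the expected token shape (which also closes the path-traversal variant), and the command is passed as an argv list so no shell parses it. Escaping with `shlex.quote` alone would be a weaker fix, because it still hands an attacker-influenced string to a shell.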
Axis has issued an advisory providing details on the vulnerability, available at https://www.axis.com/dam/public/18/0e/90/cve-2025-11142pdf-en-US-519291.pdf. Security practitioners should consult this document for specific mitigation steps and available patches.
Details
- CWE(s): CWE-78 (OS Command Injection)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
OS command injection in a network-reachable VAPIX API endpoint enables exploitation of remote services (T1210) and Unix shell command execution (T1059.004), in both cases only after authentication with an operator- or administrator-privileged account.
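For detection of the T1210/T1059.004 activity described above, a first hunt is to look for requests to mediaclip.cgi whose decoded query parameters contain shell metacharacters or path traversal. The block below is an added example, not Axis tooling: the log lines are constructed, the combined-log field order and the `/axis-cgi/mediaclip.cgi` path are assumptions, and the payloads are generic illustrations rather than a documented exploit for this CVE.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in a generic combined-log layout. The real access
# log format of Axis devices is not shown on this page; the field order and
# the /axis-cgi/mediaclip.cgi path are assumptions made for this example.
SAMPLE_LOG = """\
10.0.0.5 - operator [10/Feb/2026:10:01:02 +0000] "GET /axis-cgi/mediaclip.cgi?action=play&clip=intro HTTP/1.1" 200 512
10.0.0.9 - operator [10/Feb/2026:10:01:07 +0000] "GET /axis-cgi/mediaclip.cgi?action=play&clip=intro%3Bid%3B%23 HTTP/1.1" 200 90
10.0.0.9 - operator [10/Feb/2026:10:01:09 +0000] "GET /axis-cgi/mediaclip.cgi?action=play&clip=%24(id) HTTP/1.1" 500 0
10.0.0.7 - admin [10/Feb/2026:10:02:00 +0000] "GET /axis-cgi/param.cgi?action=list HTTP/1.1" 200 4096
"""

LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d+)'
)
# Shell metacharacters and path traversal. Matched against the URL-decoded
# value, so %3B, %24 and similar encodings cannot hide the payload.
SHELL_META = re.compile(r'[;&|`$<>\n\\]|\.\./')


def suspicious_requests(log_text: str) -> list[dict]:
    """Return one record per mediaclip.cgi query parameter that carries shell
    metacharacters, with the source IP and the authenticated user that sent it."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/mediaclip.cgi"):
            continue
        for param, values in parse_qs(url.query, keep_blank_values=True).items():
            for value in values:
                if SHELL_META.search(value):
                    hits.append({"src": m["src"], "user": m["user"],
                                 "param": param, "value": value,
                                 "status": int(m["status"])})
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Because exploitation requires an operator- or administrator-level account, the `user` field is the more important pivot than the source address: a hit ties the attempt to a specific service account whose credentials should then be rotated and whose other activity should be reviewed. The check only sees GET query strings; parameters sent in a POST body will not appear in an access log of this shape and need request-body logging or a network sensor instead.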