CVE-2025-0681

MEDIUM Year: 2025
CVSS v3 Score
6.2
Medium
Weakness Type
CWE-155
View all →

Vulnerability Description

The Cloud MQTT service of the affected products supports wildcard topic subscription which could allow an attacker to obtain sensitive information from tapping the service communications.

Related Vulnerabilities

CVE-2024-0054

MEDIUM
CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi was vulnerable for file globbing which could lead to a resour...

CWE-1552024

CVE-2024-0055

MEDIUM
CVSS:6.5(Medium)

Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi was vulnerable for file globbing which could lead to a resource exhaustion attack. ...

CWE-1552024

CVE-2024-6509

MEDIUM
CVSS:6.5(Medium)

Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API alwaysmulti.cgi was vulnerable for file globbing which could lead to resource exhaustion of the Axis device. Axis has r...

CWE-1552024

CVE-2025-24376

MEDIUM
CVSS:6.5(Medium)

kubewarden-controller is a Kubernetes controller that allows you to dynamically register Kubewarden admission policies. By design, AdmissionPolicy and AdmissionPolicyGroup can evaluate only namespaced...

CWE-1552025

CVE-2024-47791

HIGH
CVSS:5.3(Medium)

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and f...

CWE-1552024

CVE-2020-1772

HIGH
CVSS:7.5(High)

It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue ...

CWE-1552020