1. Home
  2. CVE Database
  3. CVE-2025-5126
HIGH · 8.8

CVE-2025-5126

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation ...

Vulnerability Description

A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 1.49.16 is able to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
FlirFlir Ax8 Firmware>= 1.46.0, <= 1.46.16
FlirFlir Ax8-

Related Weaknesses (CWE)

CWE-74CWE-77

References

FAQ

What is CVE-2025-5126?

CVE-2025-5126 is a vulnerability with a CVSS score of 8.8 (HIGH). A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation ...

How severe is CVE-2025-5126?

CVE-2025-5126 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-5126?

Check the references section above for vendor advisories and patch information. Affected products include: Flir Flir Ax8 Firmware, Flir Flir Ax8.