Vulnerability Description
A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Flir | Flir Ax8 Firmware | < 1.49.16 |
| Flir | Flir Ax8 | - |
Related Weaknesses (CWE)
References
- https://github.com/YZS17/CVE/blob/main/FLIR-AX8/Unauthority_file_upload_vulnerabExploitThird Party Advisory
- https://vuldb.com/?ctiid.313270Permissions RequiredVDB Entry
- https://vuldb.com/?id.313270Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.586692Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-6266?
CVE-2025-6266 is a vulnerability with a CVSS score of 6.3 (MEDIUM). A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results i...
How severe is CVE-2025-6266?
CVE-2025-6266 has been rated MEDIUM with a CVSS base score of 6.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6266?
Check the references section above for vendor advisories and patch information. Affected products include: Flir Flir Ax8 Firmware, Flir Flir Ax8.