ID

VAR-202506-1012


CVE

CVE-2025-6266


DESCRIPTION

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

Trust: 1.0

sources: NVD: CVE-2025-6266

AFFECTED PRODUCTS

vendor: flir, model: ax8, scope: lt, version: 1.49.16

Trust: 1.0

sources: NVD: CVE-2025-6266

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com: CVE-2025-6266
value: LOW

Trust: 1.0

nvd@nist.gov: CVE-2025-6266
value: CRITICAL

Trust: 1.0

cna@vuldb.com: CVE-2025-6266
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

cna@vuldb.com: CVE-2025-6266
baseSeverity: MEDIUM
baseScore: 6.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 3.4
version: 3.1

Trust: 1.0

nvd@nist.gov: CVE-2025-6266
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-6266 // NVD: CVE-2025-6266

PROBLEMTYPE DATA

problemtype:CWE-434

Trust: 1.0

problemtype:CWE-284

Trust: 1.0

sources: NVD: CVE-2025-6266

EXTERNAL IDS

db: VULDB, id: 313270

Trust: 1.0

db: NVD, id: CVE-2025-6266

Trust: 1.0

sources: NVD: CVE-2025-6266

REFERENCES

url:https://vuldb.com/?id.313270

Trust: 1.0

url:https://vuldb.com/?ctiid.313270

Trust: 1.0

url:https://vuldb.com/?submit.586692

Trust: 1.0

url:https://github.com/yzs17/cve/blob/main/flir-ax8/unauthority_file_upload_vulnerabililty.md

Trust: 1.0

sources: NVD: CVE-2025-6266

SOURCES

db: NVD, id: CVE-2025-6266

LAST UPDATE DATE

2026-01-14T23:42:01.031000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2025-6266, date: 2025-12-31T17:04:19.677

SOURCES RELEASE DATE

db: NVD, id: CVE-2025-6266, date: 2025-06-19T12:15:20.537