CVE-2025-0361 Information

Description

During an annual penetration test conducted on behalf of Axis Communications Truesec discovered a flaw in the VAPIX Device Configuration framework that allowed for unauthenticated username enumeration through the VAPIX Device Configuration SSH Management API.

Reference

https://www.axis.com/dam/public/f4/9b/13/cve-2025-0361pdf-en-US-474511.pdf