CVE-2025-5695

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://flir.custhelp.com/app/account/fl_download_software", "name": "https://flir.custhelp.com/app/account/fl_download_software", "tags": ["Permissions Required"], "refsource": ""}, {"url": "https://github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_delta()%20in%20FLIR%20AX8.md", "name": "https://github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_delta()%20in%20FLIR%20AX8.md", "tags": ["Exploit"], "refsource": ""}, {"url": "https://github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_spot()%20in%20FLIR%20AX8.md", "name": "https://github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_spot()%20in%20FLIR%20AX8.md", "tags": ["Exploit"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.311211", "name": "VDB-311211 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.311211", "name": "VDB-311211 | FLIR AX8 Backend subscriptions.php subscribe_to_alarm command injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.584532", "name": "Submit #584532 | FLIR AX8 <= 1.46 Command Injection (Duplicate)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.585715", "name": "Submit #585715 | FLIR AX8 <= 1.46 Remote Command Injection", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.585716", "name": "Submit #585716 | FLIR AX8 <= 1.46 Remote Command Injection (Duplicate)", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability classified as critical has been found in FLIR AX8 up to 1.46.16. This affects the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. The manipulation leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.55.16 is able to address this issue. It is recommended to upgrade the affected component."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-77"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-5695", "ASSIGNER": "cna@vuldb.com"}}, "impact": {}, "publishedDate": "2025-06-05T21:15Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:flir:flir_ax8_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.46.16", "versionStartIncluding": "1.46.0"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:flir:flir_ax8:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-06-17T20:38Z"}