CVE-2025-5695

🗓️ 05 Jun 2025 21:00:21Reported by VulDBType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

Critical command injection vulnerability in FLIR AX8 Backend, upgrade to version 1.55.16 recommended.

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-5695	6 Jun 202501:02	–	circl
CNNVD	Teledyne FLIR AX8 命令注入漏洞	5 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-5695 Teledyne FLIR AX8 Backend subscriptions.php subscribe_to_alarm command injection	5 Jun 202521:00	–	cvelist
EUVD	EUVD-2025-17027	3 Oct 202520:07	–	euvd
NVD	CVE-2025-5695	5 Jun 202521:15	–	nvd
OSV	CVE-2025-5695	5 Jun 202521:15	–	osv
Positive Technologies	PT-2025-23980 · Flir · Flir Ax8	5 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-5695	7 Jun 202521:15	–	redhatcve
Tenable Nessus	FLIR Systems AX8 Cameras Command Injection (CVE-2025-5695)	19 Feb 202600:00	–	nessus
Vulnrichment	CVE-2025-5695 Teledyne FLIR AX8 Backend subscriptions.php subscribe_to_alarm command injection	5 Jun 202521:00	–	vulnrichment

NVD

Vulners

Node

flir flir_ax8_firmwareRange1.46.0–1.46.16

AND

flir flir_ax8Match-

[
  {
    "vendor": "Teledyne FLIR",
    "product": "AX8",
    "versions": [
      {
        "version": "1.46.0",
        "status": "affected"
      },
      {
        "version": "1.46.1",
        "status": "affected"
      },
      {
        "version": "1.46.2",
        "status": "affected"
      },
      {
        "version": "1.46.3",
        "status": "affected"
      },
      {
        "version": "1.46.4",
        "status": "affected"
      },
      {
        "version": "1.46.5",
        "status": "affected"
      },
      {
        "version": "1.46.6",
        "status": "affected"
      },
      {
        "version": "1.46.7",
        "status": "affected"
      },
      {
        "version": "1.46.8",
        "status": "affected"
      },
      {
        "version": "1.46.9",
        "status": "affected"
      },
      {
        "version": "1.46.10",
        "status": "affected"
      },
      {
        "version": "1.46.11",
        "status": "affected"
      },
      {
        "version": "1.46.12",
        "status": "affected"
      },
      {
        "version": "1.46.13",
        "status": "affected"
      },
      {
        "version": "1.46.14",
        "status": "affected"
      },
      {
        "version": "1.46.15",
        "status": "affected"
      },
      {
        "version": "1.46.16",
        "status": "affected"
      },
      {
        "version": "1.49.16",
        "status": "unaffected"
      }
    ],
    "modules": [
      "Backend"
    ]
  }
]

Source	Link
github	www.github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_delta()%20in%20FLIR%20AX8.md
flir	www.flir.custhelp.com/app/account/fl_download_software
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
github	www.github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_spot()%20in%20FLIR%20AX8.md
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/
vuldb	www.vuldb.com/

Parameter	Position	Path	Description	CWE
subscribe_to_spot	path	/usr/www/application/models/subscriptions.php	Remote command injection via vulnerable subscription endpoints in subscriptions.php (subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm).	CWE-74, CWE-77
subscribe_to_delta	path	/usr/www/application/models/subscriptions.php	Remote command injection via vulnerable subscription endpoints in subscriptions.php (subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm).	CWE-74, CWE-77
subscribe_to_alarm	path	/usr/www/application/models/subscriptions.php	Remote command injection via vulnerable subscription endpoints in subscriptions.php (subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm).	CWE-74, CWE-77

29 Apr 2026 01:00Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.14.7

CVSS 45.1

CVSS 25.8

CVSS 34.7

EPSS0.04629

SSVC