CVE-2018-25139

CVE Database · CVE-2018-25139

CVE-2018-25139

· HIGHAnalyzed

CVSS v3.1

7.5

CVSS v4.0

8.7

EPSS

0.45%

Published

Dec 24, 2025

Modified

Dec 31, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

FLIR AX8 Thermal Camera 1.32.16 contains an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly connect to the RTSP stream using tools like VLC or FFmpeg to view and record thermal camera footage.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-306

Affected Products (4)

flir · flir_ax8_firmwarevulnerable

flir · flir_ax8

flir · flir_ax8_firmwarevulnerable

flir · flir_ax8

References (5)

https://www.exploit-db.com/exploits/45606

ExploitThird Party AdvisoryVDB Entry