CVE-2025-5695

CVE Database · CVE-2025-5695

CVE-2025-5695

· MEDIUMModified

CVSS v3.1

4.7

CVSS v4.0

2.0

EPSS

8.19%

Published

Jun 5, 2025

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribe_to_spot/subscribe_to_delta/subscribe_to_alarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.49.16 will fix this issue. It is suggested to upgrade the affected component. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-74CWE-77CWE-77

Affected Products (2)

flir · flir_ax8_firmwarevulnerable

flir · flir_ax8

References (8)

https://flir.custhelp.com/app/account/fl_download_software

Permissions Required

https://github.com/YZS17/CVE/blob/main/Command%20injection%20vulnerability%20in%20subscribe_to_delta()%20in%20FLIR%20AX8.md

Exploit