CVE-2025-5126
HIGHCVSS v3
8.8
HIGH
EPSS Score
10.9%
exploit probability
CISA KEV
No
known exploited
Exploitation
—
SSVC status
Description
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 1.49.16 is able to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR
Technical Details
- CVSS v3 Vector
- 3.1
- Published
- 5/24/2025
- Last Modified
- 10/15/2025
Frequently Asked Questions
What is CVE-2025-5126?
A vulnerability was found in Teledyne FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file \usr\www\application\models\settingsregional.php. Performing manipulation of the argument year/month/day/hour/minute results in command injection. The attack may be initiated remotely. The exploit has been made public and could be used. Upgrading to version 1.49.16 is able to resolve this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR
Is CVE-2025-5126 actively exploited?
Active exploitation of CVE-2025-5126 has not been confirmed. The EPSS score is 10.9%, indicating the estimated probability of exploitation in the next 30 days.
What is the CVSS score for CVE-2025-5126?
CVE-2025-5126 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string 3.1.
Is CVE-2025-5126 affecting your environment?
Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.