CVE-2025-5126 | FLIR AX8 up to 1.46.16 settingsregional.php setDataTime year/month/day/hour/minute command injection

A vulnerability classified as critical was found in FLIR AX8 up to 1.46.16. This vulnerability affects the function setDataTime of the file usrwwwapplicationmodelssettingsregional.php. The manipulation of the argument year/month/day/hour/minute leads to command injection.

This vulnerability was named CVE-2025-5126. The attack can be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More