CVE-2025-6266

CVE Database · CVE-2025-6266

CVE-2025-6266

· MEDIUMAnalyzed

CVSS v3.1

6.3

CVSS v4.0

2.1

EPSS

0.40%

Published

Jun 19, 2025

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Weaknesses (CWE)

CWE-284CWE-434CWE-434

Affected Products (2)

flir · flir_ax8_firmware (up to 1.49.16)vulnerable

flir · flir_ax8

References (4)

https://github.com/YZS17/CVE/blob/main/FLIR-AX8/Unauthority_file_upload_vulnerabililty.md

ExploitThird Party Advisory

https://vuldb.com/?ctiid.313270

Permissions RequiredVDB Entry

https://vuldb.com/?id.313270

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.586692

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs