Listen to this Post
How the CVE Works
CVE-2025-5127 is a reflected Cross-Site Scripting (XSS) vulnerability in FLIR AX8 firmware versions up to 1.46.16. The flaw exists in the `/prod.php` endpoint, where improper input sanitization of the `cmd` parameter allows attackers to inject malicious JavaScript. When a victim visits a crafted URL, the script executes in their browser context, potentially leading to session hijacking, phishing, or unauthorized actions. The attack is remotely exploitable with low privileges, requiring only user interaction (e.g., clicking a link). Public exploit availability increases its risk.
DailyCVE Form
Platform: FLIR AX8
Version: ≤1.46.16
Vulnerability: XSS
Severity: Medium
Date: 06/16/2025
Prediction: Patch by Q3 2025
What Undercode Say
curl -X GET "http://<TARGET>/prod.php?cmd=<script>alert(1)</script>" nmap -p 80 --script http-xss <TARGET>
How Exploit
1. Craft malicious URL with `cmd` payload.
2. Trick user into clicking link.
3. Steal cookies/session.
Protection from this CVE
- Update firmware post-patch.
- Input sanitization.
- WAF rules.
Impact
- Session hijacking.
- Phishing attacks.
- Unauthorized actions.
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode
