
CVE-2025-6266: Unrestricted Upload in Teledyne FLIR AX8

Severity: Medium
Published: Thu Jun 19 2025 (06/19/2025, 12:00:17 UTC)
Source: CVE Database V5
Vendor/Project: Teledyne FLIR
Product: AX8

Description

A vulnerability was detected in Teledyne FLIR AX8 up to 1.46. Affected by this vulnerability is an unknown functionality of the file /upload.php. Performing manipulation of the argument File results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used. Upgrading to version 1.49.16 addresses this issue. Upgrading the affected component is recommended. The vendor points out: "FLIR AX8 internal web site has been refactored to be able to handle the reported vulnerabilities."

AI-Powered Analysis

Last updated: 10/15/2025, 13:41:18 UTC

Technical Analysis

CVE-2025-6266 is an unrestricted file upload vulnerability in Teledyne FLIR AX8 thermal imaging cameras running firmware up to and including 1.46. The flaw sits in the camera's internal web site, in /upload.php: the 'File' argument is not sufficiently validated, so a remote attacker can submit files the endpoint should reject. The published record does not say which functionality of /upload.php is affected, where uploaded files are written, or whether the request must be authenticated, and the CVSS 4.0 vector is not reproduced on this page; the Medium rating indicates that the assigner scored the impact on confidentiality, integrity and availability as limited rather than total. Even so, an unrestricted upload into a PHP web application is the classic precursor to code execution: if a file with a server-side extension can be written under the web root, or an existing configuration file can be overwritten, the attacker can take control of the device, alter its configuration, or take it out of service. Exploit code is public, which raises the likelihood of opportunistic attacks, although no exploitation in the wild has been reported. The vendor has released firmware 1.49.16 and states that the internal web site was refactored to handle the reported vulnerabilities. The AX8 is used for continuous thermal monitoring in industrial, building automation and critical infrastructure settings, where compromise of the camera affects both the network it sits on and the process it is watching.

Potential Impact

For European organizations, the impact of this vulnerability can be substantial, especially for those in sectors such as energy, manufacturing, transportation, and critical infrastructure where FLIR AX8 devices are deployed for thermal monitoring and safety. Exploitation could allow attackers to upload malicious payloads, potentially leading to unauthorized access, data leakage, manipulation of sensor data, or denial of service conditions. This could disrupt operational technology environments, cause safety hazards, or facilitate lateral movement within networks. Given the device's role in monitoring physical environments, compromise could also affect physical security and safety systems. The medium severity rating reflects a moderate but tangible risk, particularly in environments where these devices are internet-facing or insufficiently segmented. The availability of public exploit code increases the urgency for European entities to address this vulnerability promptly to prevent targeted attacks or opportunistic exploitation.

Mitigation Recommendations

1. Upgrade all Teledyne FLIR AX8 devices to firmware version 1.49.16 or later, as provided by the vendor. After the upgrade, confirm the version each device actually reports; the vendor describes the fix as a refactoring of the internal web site, so any build below 1.49.16 should be treated as unpatched.
2. Restrict network access to the device web interface with segmentation and firewall rules so that only authorized management hosts can reach it at all; the /upload.php endpoint must not be reachable from general user networks or the internet.
3. Enforce strong authentication and access control on device management portals so that reaching the interface is not enough to use it.
4. Monitor for requests to /upload.php, in particular POST requests from outside the management network, using intrusion detection/prevention or web-proxy logging suited to industrial control system environments; an upload from an unexpected source warrants investigation.
5. Conduct regular security audits and vulnerability assessments of operational technology devices to find and remediate similar issues proactively.
6. Keep AX8 devices off direct internet exposure; where remote management is required, use a VPN or an equivalent authenticated tunnel.
7. Maintain an inventory of all deployed AX8 devices with their firmware versions so that unpatched units can be found quickly; compare versions component by component rather than as strings.
8. Brief operational technology and security teams on the risks of device vulnerabilities and the importance of timely updates.
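The two checks from items 4 and 7 above, as an added example that is not part of this advisory or the vendor's tooling: a detector that flags requests to the affected endpoint in combined-format web or proxy logs, weighted by whether the source sits in the management network, and an inventory pass that finds firmware older than the fixed release. The management subnet, the log lines and the inventory (including the hypothetical firmware value 1.5) are constructed for the example; 1.49.16 and /upload.php are taken from the CVE record.

```python
"""Added example (not FLIR's or the advisory's code): two checks from the mitigation list.

1. Flag requests to the AX8 upload endpoint in web or proxy logs, weighted by
   whether the source sits in the management network.
2. Find inventory entries whose firmware is older than the fixed release, 1.49.16.
The log lines, inventory and management subnet below are constructed for the example.
"""
import ipaddress
import re

FIXED_VERSION = "1.49.16"           # fixed release per the vendor
UPLOAD_ENDPOINT = "/upload.php"     # affected endpoint per the CVE record
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]   # assumed management subnet

# Apache/nginx combined log format: client, ident, user, [time], "req", status, size.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)(?: \S+)?" (?P<status>\d{3}) \S+'
)


def parse_version(version: str) -> tuple:
    """'1.49.16' -> (1, 49, 16). Tuple comparison orders 1.5 < 1.46 < 1.49.16 < 1.50;
    a plain string comparison would rank '1.5' above '1.49.16' and call it patched."""
    return tuple(int(part) for part in version.strip().split("."))


def is_vulnerable(version: str) -> bool:
    """Anything below the fixed release is treated as unpatched."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def unpatched_devices(inventory: list) -> list:
    """Hostnames of inventory entries still on vulnerable firmware."""
    return [dev["host"] for dev in inventory if is_vulnerable(dev["firmware"])]


def upload_endpoint_findings(lines) -> list:
    """One finding per request to the upload endpoint, with a severity:
    high   - POST from outside the management network (an upload attempt)
    medium - POST from inside it (maintenance, or a compromised management host)
    low    - any other method (reconnaissance for the endpoint)
    """
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0].lower()   # strip query, ignore case
        if not path.endswith(UPLOAD_ENDPOINT):
            continue
        src = ipaddress.ip_address(m["src"])
        from_mgmt = any(src in net for net in MGMT_NETS)
        if m["method"] != "POST":
            severity = "low"
        elif from_mgmt:
            severity = "medium"
        else:
            severity = "high"
        findings.append({"ts": m["ts"], "src": str(src), "method": m["method"],
                         "path": m["path"], "status": int(m["status"]),
                         "severity": severity})
    return findings


# Constructed sample data.
SAMPLE_LOG = """\
10.20.0.5 - - [19/Jun/2025:12:01:03 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [19/Jun/2025:12:02:14 +0000] "POST /upload.php HTTP/1.1" 200 312
10.20.0.5 - - [19/Jun/2025:12:03:40 +0000] "POST /upload.php HTTP/1.1" 200 298
203.0.113.7 - - [19/Jun/2025:12:04:02 +0000] "GET /upload.php?probe=1 HTTP/1.1" 200 64
198.51.100.9 - - [19/Jun/2025:12:05:11 +0000] "POST /UPLOAD.PHP HTTP/1.1" 403 -
"""

SAMPLE_INVENTORY = [
    {"host": "ax8-boiler-01", "firmware": "1.46"},
    {"host": "ax8-boiler-02", "firmware": "1.49.16"},
    {"host": "ax8-substation", "firmware": "1.5"},    # hypothetical value, older than 1.49.16
    {"host": "ax8-kiln", "firmware": "1.50"},
]


if __name__ == "__main__":
    for f in upload_endpoint_findings(SAMPLE_LOG.splitlines()):
        print(f"{f['severity']:6} {f['src']:14} {f['method']} {f['path']} -> {f['status']}")
    print("unpatched:", unpatched_devices(SAMPLE_INVENTORY))
```

A rejected request (the 403 line) is still reported: the attempt is the signal, regardless of whether the device accepted it. The case-folded, query-stripped path match catches trivial evasions such as /UPLOAD.PHP or /upload.php?x=1.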


Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-06-19T06:02:39.903Z
Cvss Version
4.0
State
PUBLISHED

Threat ID: 6853ffb833c7acc0460987d7

Added to database: 6/19/2025, 12:16:56 PM

Last enriched: 10/15/2025, 1:41:18 PM

Last updated: 11/22/2025, 4:44:11 PM

Views: 38
