Avigilon Access Control Manager — known CVE vulnerabilities
Every CVE whose affected-product data names Avigilon Access Control Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2025-56266 — CVSS 9.8 (critical): A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
CVE-2025-56267 — CVSS 9.8 (critical): A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via…