Perceptive Security
SOC/SIEM Consultancy
Axis Communications Camera Station Pro, Camera Station, and Device Manager
Published:
18 December 2025 at 12:00:00
Alert date:
18 December 2025 at 18:04:12
Source:
cisa.gov
CISA advisory for multiple critical vulnerabilities in Axis Communications Camera Station Pro, Camera Station, and Device Manager. CVE-2025-30023 allows remote code execution with CVSS 9.0 critical severity. CVE-2025-30024 enables man-in-the-middle attacks through improper certificate validation. CVE-2025-30025 permits local privilege escalation via deserialization flaws. CVE-2025-30026 allows authentication bypass in Camera Station Server. Vulnerabilities affect widely deployed surveillance systems in commercial facilities and critical manufacturing sectors globally. Fixes available through software updates to latest versions.
Technical details
Mitigation steps:
Affected products:
Axis Communications Camera Station Pro
Axis Communications Camera Station
Axis Communications Device Manager
Related links:
https://www.cisa.gov/news-events/ics-advisories/icsa-25-352-08
https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-08.json
https://nvd.nist.gov/vuln/detail/CVE-2025-30023
https://nvd.nist.gov/vuln/detail/CVE-2025-30024
https://nvd.nist.gov/vuln/detail/CVE-2025-30025
https://nvd.nist.gov/vuln/detail/CVE-2025-30026
https://cwe.mitre.org/data/definitions/502.html
https://cwe.mitre.org/data/definitions/295.html
https://cwe.mitre.org/data/definitions/288.html
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.