Security Flaws Discovered in Axis Communications Video Surveillance Products
Cybersecurity experts have recently identified several vulnerabilities within the video surveillance systems of Axis Communications. These flaws have raised significant concerns as they could potentially allow unauthorized access and control over various devices.
Nature of the Vulnerabilities
According to Noam Moshe, a researcher at Claroty, one of the most critical issues involves pre-authentication remote code execution. This flaw primarily affects the Axis Device Manager—a platform responsible for managing and configuring camera fleets—as well as the Axis Camera Station, which is used to monitor camera feeds. The vulnerabilities not only jeopardize user safety but also open doors for attackers to execute targeted operations.
Potential Risk Scenarios
The vulnerabilities arise from issues in the communication protocols between clients and servers. Attackers can enumerate vulnerable devices by scanning the internet for exposed Axis.Remoting services, which enables them to conduct focused and sophisticated attacks.
Details of Identified Vulnerabilities
The researchers have categorized the vulnerabilities as follows:
- CVE-2025-30023 (CVSS Score: 9.0)
  A significant issue in the client-server communication protocol. This could allow an authenticated user to execute remote code without proper authorization. Fixes for this flaw have been implemented in Camera Station Pro 6.9, Camera Station 5.58, and Device Manager 5.32.
- CVE-2025-30024 (CVSS Score: 6.8)
  This vulnerability could facilitate an adversary-in-the-middle (AitM) attack, leveraging flaws in the communication protocol. A patch has been released in Device Manager 5.32.
- CVE-2025-30025 (CVSS Score: 4.8)
  Issues in the server service control communication can result in local privilege escalation. This has been addressed in Camera Station Pro 6.8 and Device Manager 5.32.
- CVE-2025-30026 (CVSS Score: 5.3)
  A vulnerability in the Axis Camera Station Server that may bypass authentication processes, with fixes available in Camera Station Pro 6.9 and Camera Station 5.58.
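For administrators checking their own deployments against the fixed versions listed above, the following is an added example (not code from Axis or Claroty) that reports which of these CVEs remain unpatched for each host in an inventory. The inventory entries and host names are constructed, the product labels are the ones used in this article, and the script assumes version strings are dot-separated integers and that a CVE applies to a product only when the list above names a fix for it.

```python
# Added example: audit an inventory against the fixed versions listed in this article.
# CVE -> (CVSS score, {product: first fixed version}), all values taken from the list above.
FIXED_IN = {
    "CVE-2025-30023": (9.0, {"Camera Station Pro": "6.9", "Camera Station": "5.58",
                             "Device Manager": "5.32"}),
    "CVE-2025-30024": (6.8, {"Device Manager": "5.32"}),
    "CVE-2025-30025": (4.8, {"Camera Station Pro": "6.8", "Device Manager": "5.32"}),
    "CVE-2025-30026": (5.3, {"Camera Station Pro": "6.9", "Camera Station": "5.58"}),
}

def parse_version(text):
    """'5.58' -> (5, 58). Components compare numerically, so 5.9 is older than 5.58."""
    return tuple(int(part) for part in text.strip().split("."))

def outstanding_cves(product, version):
    """Return (cve, cvss, fixed_version) for every listed fix newer than `version`,
    highest CVSS first. Products with no fix listed for a CVE are not reported."""
    installed = parse_version(version)
    hits = []
    for cve, (cvss, fixes) in FIXED_IN.items():
        fixed = fixes.get(product)
        if fixed is not None and installed < parse_version(fixed):
            hits.append((cvss, cve, fixed))
    return [(cve, cvss, fixed) for cvss, cve, fixed in sorted(hits, reverse=True)]

def audit(inventory):
    """Map each host that still needs an update to its outstanding CVEs."""
    report = {}
    for host, product, version in inventory:
        pending = outstanding_cves(product, version)
        if pending:
            report[host] = pending
    return report

# Constructed sample inventory (hypothetical host names and installed versions).
SAMPLE_INVENTORY = [
    ("vms-01", "Camera Station Pro", "6.8"),
    ("vms-02", "Camera Station", "5.9"),
    ("adm-01", "Device Manager", "5.32"),
    ("adm-02", "Device Manager", "5.31.2"),
]

if __name__ == "__main__":
    for host, pending in audit(SAMPLE_INVENTORY).items():
        for cve, cvss, fixed in pending:
            print(f"{host}: {cve} (CVSS {cvss}) unpatched, update to {fixed} or later")
```
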
Exploitation Impact
If these vulnerabilities are successfully exploited, attackers could position themselves between the Camera Station and its clients, leading to potential alterations in requests and responses. This would grant them the capability to execute arbitrary actions on both server and client systems.
Notably, there is currently no evidence that these vulnerabilities have been actively exploited in real-world scenarios.
Current Internet Exposure
Claroty further reports that over 6,500 servers are exposing the proprietary Axis.Remoting protocol and services across the internet. Alarmingly, nearly 4,000 of these servers are located in the United States.
Moshe elaborates on the risks, stating that successful exploitation could grant attackers system-level access within the internal networks where these systems are deployed. This access would allow them to take control of each camera, manipulating feeds—whether to watch, hijack, or disable them. Such capabilities could facilitate unauthorized bypassing of authentication methods, leading to serious breaches.
In summary, the discovery of these vulnerabilities has raised critical alarms in the cybersecurity community, underscoring the need for immediate action to safeguard these surveillance systems against potential exploitation. Ensuring timely updates and patches is essential for maintaining the integrity of surveillance networks in an increasingly interconnected world.


