Axis Communications Patches Critical Flaws in Camera Management Software
Take action: Review the advisory to check if you are using any of the affected products. As per usual, make sure all CCTV and industrial devices are isolated from the internet and accessible from trusted networks only. Then plan a quick update of your Axis management software to the latest versions.
CISA warns of flaws in Axis Communications' video and device management software, for which Axis has released security updates. These bugs let attackers run their own code, sniff network traffic, or skip login screens.
Vulnerabilities summary:
- CVE-2025-30023 (CVSS score 9.0) - A data-reading flaw that lets attackers run code remotely.
- CVE-2025-30024 (CVSS score 6.8) - A certificate error that allows attackers to spy on or change data.
- CVE-2025-30025 (CVSS score 5.2) - A bug that lets local users escalate privileges and gain system rights.
- CVE-2025-30026 (CVSS score 6.1) - A flaw that lets attackers bypass the login screen.
The advisory covers flaws in AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager.
Axis advises users to update to Camera Station Pro 6.8, Camera Station 5.58, or Device Manager 5.32. CISA's general best practice is to keep these systems isolated from the internet and accessible remotely only with a VPN.