Advisory

Critical vulnerabilities reported in Axis Communications Camera management systems

Take action: If you have Axis Communications camera management systems (AXIS Camera Station Pro, AXIS Camera Station, or AXIS Device Manager), make sure they are isolated from the internet and only accessible from trusted internal networks. Then plan an update to the latest patched versions (Camera Station Pro 6.9+, Camera Station 5.58+, Device Manager 5.32+).



Axis Communications has patched multiple security vulnerabilities in its camera management software suite used for monitoring and controlling enterprise video surveillance systems in government facilities, airports, corporate campuses, and other high-security environments.

Vulnerabilities summary:

  • CVE-2025-30023 (CVSS score 9.0) - A deserialization of untrusted data flaw in the communication protocol used between client and server that could allow an authenticated user to perform a remote code execution attack. Affects AXIS Camera Station Pro versions prior to 6.9, AXIS Camera Station versions before 5.58, and AXIS Device Manager versions earlier than 5.32.
  • CVE-2025-30024 (CVSS score 6.8) - A medium-severity improper certificate validation flaw affecting AXIS Device Manager versions prior to 5.32 that could be leveraged to execute man-in-the-middle attacks.
  • CVE-2025-30025 (CVSS score 5.2) - A medium-severity vulnerability in the communication protocol used between the server process and service control that could lead to local privilege escalation. Affects AXIS Camera Station Pro versions prior to 6.9, AXIS Camera Station versions before 5.58, and AXIS Device Manager versions earlier than 5.32.
  • CVE-2025-30026 (CVSS score 6.1) - A medium-severity authentication bypass vulnerability in the AXIS Camera Station Server that allows users to circumvent authentication requirements. Affects AXIS Camera Station Pro versions prior to 6.9 and AXIS Camera Station versions before 5.58.

The vulnerabilities affect AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager products, which are widely deployed globally across commercial facilities and critical manufacturing sectors.

According to recent analyses, over 6,500 Axis Communications servers managing video surveillance systems are exposed on the internet, with nearly 4,000 of these located in the United States.

Users are strongly recommended to upgrade to AXIS Camera Station Pro version 6.9 or later, AXIS Camera Station version 5.58 or later, and AXIS Device Manager version 5.32 or later.
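To turn the fixed versions above into a patch list, the following added example (not code from Axis or from this advisory) checks an inventory against them and lists the CVEs from the summary that still apply to each host. The inventory rows, hostnames and status labels are constructed for illustration; versions are compared as integer tuples so that 6.10 is correctly treated as newer than 6.9, and anything that cannot be parsed is flagged for manual review rather than reported as patched.

```python
# Added example: triage an inventory against this advisory's fixed versions.
ALL = ("AXIS Camera Station Pro", "AXIS Camera Station", "AXIS Device Manager")
# First fixed version per product, as stated in the advisory.
FIXED = {ALL[0]: (6, 9), ALL[1]: (5, 58), ALL[2]: (5, 32)}

# CVE -> (CVSS score, affected products), as stated in the advisory.
CVES = {
    "CVE-2025-30023": (9.0, set(ALL)),
    "CVE-2025-30024": (6.8, {ALL[2]}),
    "CVE-2025-30025": (5.2, set(ALL)),
    "CVE-2025-30026": (6.1, {ALL[0], ALL[1]}),
}

def parse_version(text):
    """'5.57.33556' -> (5, 57, 33556). Integer tuples, so 6.10 sorts after 6.9."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def open_cves(product, version):
    """CVE ids from the advisory that still apply, highest CVSS first."""
    if parse_version(version) >= FIXED[product]:
        return []
    hits = [(score, cve) for cve, (score, prods) in CVES.items() if product in prods]
    return [cve for score, cve in sorted(hits, reverse=True)]

def triage(inventory):
    """Return (host, status, cves) rows; unknown input is never called 'patched'."""
    rows = []
    for host, product, version in inventory:
        try:
            cves = open_cves(product, version)
            status = "upgrade" if cves else "patched"
        except (KeyError, ValueError):  # product not in advisory, or bad version
            cves, status = [], "check manually"
        rows.append((host, status, cves))
    return rows

# Constructed sample inventory (hostnames are hypothetical).
SAMPLE = [
    ("vms-01", "AXIS Camera Station Pro", "6.10"),
    ("vms-02", "AXIS Camera Station", "5.57.33556"),
    ("adm-01", "AXIS Device Manager", "5.31"),
    ("adm-02", "AXIS Device Manager", "unknown"),
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```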

As a precautionary measure, organizations should minimize network exposure for all affected devices and ensure they are not accessible from the internet.
