Advisory

Team82 Researchers report multiple flaws in Axis Communications CCTV Systems

Take action: If you're using Axis surveillance equipment (Camera Station Pro, Camera Station, or Device Manager), review your systems and the advisories. Make sure the surveillance systems are isolated from the internet, and then plan an upgrade to the latest patched versions (Pro 6.9, Station 5.58, Device Manager 5.32).



Security researchers report flaws in the systems of Axis Communications, a leading manufacturer of CCTV cameras and surveillance equipment. The flaws affect core products used for video surveillance management and could allow attackers to achieve complete system compromise through authenticated remote code execution and network infiltration.

The vulnerabilities were publicly disclosed by Team82 researcher Noam Moshe at Black Hat USA in Las Vegas on August 6, 2025. All four flaws originate from fundamental weaknesses in Axis.Remoting, a proprietary communication protocol used between client applications and Axis servers for managing surveillance systems. 

Vulnerabilities summary

  • CVE-2025-30023 (CVSS score 9.0) - Remote code execution vulnerability. This flaw affects Axis Camera Station Pro before version 6.9, Axis Camera Station before version 5.58, and Axis Device Manager before version 5.32. The vulnerability allows authenticated users to perform remote code execution attacks by exploiting weaknesses in the protocol's handling of user input.
  • CVE-2025-30024 (CVSS score 6.8) - Man-in-the-middle attack vulnerability. This flaw affects Axis Device Manager before version 5.32 and can be used by attackers positioned as intermediaries to intercept and manipulate communications between clients and servers.
  • CVE-2025-30026 (CVSS score 5.3) - Authentication bypass vulnerability. This flaw affects Axis Camera Station before version 5.58 and Axis Camera Station Pro before version 6.9, enabling attackers to circumvent authentication mechanisms and gain unauthorized access to surveillance systems.
  • CVE-2025-30025 (CVSS score 4.8) - Local privilege escalation vulnerability. This vulnerability affects Axis Camera Station version 5, Axis Camera Station Pro before version 6.7, and Axis Device Manager before version 5.32, potentially allowing attackers with local access to escalate their privileges within the system.

Team82 researchers conducted internet scanning using tools like Censys and Shodan and discovered more than 6,500 servers exposing the vulnerable Axis.Remoting protocol and its services to the internet. Each of these servers could potentially manage hundreds or thousands of individual cameras, significantly amplifying the potential impact of successful attacks.

Axis Communications has released patches addressing all four vulnerabilities in the following software updates: Axis Camera Station Pro version 6.9, Axis Camera Station version 5.58, and Axis Device Manager version 5.32. Organizations using affected versions should review the advisories and their systems and plan an update.
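
To turn the version thresholds above into an upgrade worklist, the following added example (not code from Axis or Team82) checks an inventory export against the fixed-in versions listed in this advisory. The CSV layout, host names and sample versions are constructed, and reading "Camera Station version 5" as every 5.x release below 5.58 is an assumption.

```python
import csv
import io

# Fixed-in versions per CVE, transcribed from the advisory above.
FIXED_IN = {
    "CVE-2025-30023": {"Camera Station Pro": "6.9", "Camera Station": "5.58", "Device Manager": "5.32"},
    "CVE-2025-30024": {"Device Manager": "5.32"},
    "CVE-2025-30026": {"Camera Station Pro": "6.9", "Camera Station": "5.58"},
    # Assumption: the advisory's "Camera Station version 5" is read as every 5.x
    # release below 5.58, the version it names as carrying all four fixes.
    "CVE-2025-30025": {"Camera Station Pro": "6.7", "Camera Station": "5.58", "Device Manager": "5.32"},
}

def parse_version(text):
    """'5.57.33556' -> (5, 57, 33556). Numeric tuples, so 5.9 sorts below 5.58
    (a plain string comparison would wrongly treat 5.9 as newer)."""
    return tuple(int(part) for part in text.strip().split("."))

def open_cves(product, version):
    """Return the CVE ids from the advisory that still apply to this install."""
    installed = parse_version(version)
    return sorted(cve for cve, fixes in FIXED_IN.items()
                  if product in fixes and installed < parse_version(fixes[product]))

def triage(inventory_csv):
    """Map host -> open CVEs; rows with unparseable versions map to None
    so they are reviewed by hand instead of being silently marked patched."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        try:
            report[row["host"]] = open_cves(row["product"], row["version"])
        except ValueError:
            report[row["host"]] = None
    return report

# Constructed sample inventory (host names and versions are made up).
SAMPLE = """host,product,version
vms-01,Camera Station Pro,6.8.2
vms-02,Camera Station Pro,6.9
vms-03,Camera Station,5.9
adm-01,Device Manager,5.32.1
adm-02,Device Manager,unknown
"""

if __name__ == "__main__":
    for host, cves in triage(SAMPLE).items():
        print(host, "REVIEW MANUALLY" if cves is None else (cves or "patched"))
```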
