CVE-2025-30023 PUBLISHED

Assigner: Axis
Reserved: 14.03.2025 Published: 11.07.2025 Updated: 11.07.2025

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

Metrics

CVSS 3.1

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVSS Score: 9

Attack Vector	Adjacent Network	Scope	Changed
Attack Complexity	Low	Confidentiality Impact	High
Privileges Required	Low	Integrity Impact	High
User Interaction	None	Availability Impact	High

CVSS 3.1

Product Status

Vendor	Axis Communications AB
Product	AXIS Camera Station Pro
Versions	Default: unaffected Version <6.9 is affected

Vendor	Axis Communications AB
Product	AXIS Camera Station
Versions	Default: unaffected Version <5.58 is affected

Vendor	Axis Communications AB
Product	AXIS Device Manager
Versions	Default: unaffected Version <5.32 is affected

Credits

Noam Moshe of Claroty Team82 finder

References

https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf

Problem Types

CWE-502 Deserialization of Untrusted Data CWE