CVE-2025-30023: Critical RCE Vulnerability Discovered in Axis Video Management Software
Do Son 
Axis Communications has issued a security advisory for a critical vulnerability affecting several of its flagship software solutions, including AXIS Camera Station Pro, AXIS Camera Station 5, and AXIS Device Manager. The flaw—discovered by security researcher Noam Moshe from Claroty Team82—has been assigned CVE-2025-30023 and carries a CVSS v3.1 base score of 9.0 (Critical).
“Noam Moshe of Claroty Team82, has found that the communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack,” Axis disclosed in the advisory.
The core of the issue lies in the improper handling of serialized data transmitted between the Axis software client and server. Exploitation requires authenticated access to the system but no user interaction, making it an ideal target for lateral movement once an attacker breaches a network perimeter.
“Axis will not provide more detailed information about the vulnerability,” the advisory notes, though the high severity rating indicates a significant threat to enterprise environments.
| Product | Affected Versions | Patched Version |
|---|---|---|
| AXIS Camera Station Pro | Versions earlier than 6.9 | Version 6.9 |
| AXIS Camera Station 5 | Versions earlier than 5.58 | Version 5.58 |
| AXIS Device Manager | Versions earlier than 5.32 | Version 5.32 |
These platforms are widely used in physical security infrastructures, controlling IP camera networks, video analytics, and centralized device management in sectors ranging from critical infrastructure to commercial retail.
Axis has released patched versions of the affected software:
- AXIS Camera Station Pro 6.9
- AXIS Camera Station 5.58
- AXIS Device Manager 5.32
Users are strongly advised to update immediately. Though no public exploits have been reported, the nature of this vulnerability suggests that it could be leveraged by sophisticated attackers seeking privileged access within enterprise networks.
Related Posts:
- Critical Security Flaws Found in AXIS OS: Patch Your Devices Now!
- Synology Surveillance Station Vulnerabilities Expose Systems to Attack – Update Immediately
- Kaspersky Lab: software vulnerabilities put over 1,000 gas stations around the world at risk
- Critical Vulnerabilities in QNAP Notes Station 3: Update Now to Protect Your Data
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
