CVE-2025-30023 Axis Communications CVE debrief

Who should care

Administrators, security teams, and service providers responsible for AXIS Camera Station Pro, AXIS Camera Station, or AXIS Device Manager deployments, especially where authenticated users have access to the management interface.

Technical summary

The advisory says the client-server communication protocol contained a flaw that could permit remote code execution by an authenticated user. The supplied CSAF rates the issue as CVSS 3.1 9.0/Critical with low attack complexity, no user interaction, elevated privileges required, and high confidentiality, integrity, and availability impact. CISA’s Update B revision states that affected products/versioning and mitigations were clarified.

Defensive priority

Urgent. Patch affected Axis management systems as soon as practical because this is an authenticated remote code execution issue with critical impact.

Recommended defensive actions

• Upgrade AXIS Camera Station Pro to 6.9 or later.
• Upgrade AXIS Camera Station to 5.58 or later.
• Upgrade AXIS Device Manager to 5.32 or later.
• Verify the exact affected product/version mapping against the CISA CSAF advisory Update B before and after remediation.
• Apply CISA industrial control system defense-in-depth and recommended practices to the systems that host these products.

Evidence notes

This debrief is based on the CISA CSAF advisory ICSA-25-352-08 (CVE-2025-30023), published 2025-12-18 and revised on 2026-01-15 and 2026-01-22. The advisory states the flaw could lead to authenticated remote code execution. The supplied corpus does not list this CVE in KEV and does not attribute ransomware use.

Official resources