PatchSiren cyber security CVE debrief
CVE-2025-30024 Axis Communications CVE debrief
CISA’s advisory for CVE-2025-30024 describes a flaw in the communication protocol between client and server that could be leveraged for a man-in-the-middle attack. The issue affects AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager. CISA’s Update B later clarified product versioning and required mitigations, so defenders should use the vendor and CISA guidance together when planning remediation.
- Vendor: Axis Communications
- Product: AXIS Camera Station Pro
- CVSS: MEDIUM 6.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-12-18
- Original CVE updated: 2026-01-22
- Advisory published: 2025-12-18
- Advisory updated: 2026-01-22
Who should care
Administrators and security teams responsible for AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager deployments, especially where client-server traffic may traverse untrusted or shared networks.
Technical summary
The supplied CISA CSAF advisory states that the client-server communication protocol had a flaw that could be leveraged to execute a man-in-the-middle attack. The published CVSS v3.1 vector (AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N) describes a network-reachable issue with high attack complexity, no privileges required, user interaction required, unchanged scope, and high confidentiality and integrity impact with no availability impact. One caveat for anyone reusing these numbers: that vector, scored with the CVSS v3.1 base formula, yields 6.4 rather than the 6.8 listed above, so confirm the vector and score against the CVE record and NVD entry before feeding them into prioritization.
Defensive priority
Medium. This is not listed in CISA KEV, but it affects multiple Axis products and can expose client-server sessions to interception or manipulation. Prioritize remediation where these products are operationally important or where their traffic crosses less-trusted network boundaries.
Recommended defensive actions
- Upgrade affected AXIS Device Manager installations to version 5.32 or later, per Axis.
- Review the Axis advisories and the CISA update for product-specific versioning and mitigation guidance for AXIS Camera Station Pro and AXIS Camera Station.
- Limit client-server traffic to trusted network paths and apply segmentation where possible.
- Check whether management or camera-station traffic is exposed across untrusted networks or paths.
- Apply the ICS defense-in-depth and recommended-practices guidance referenced by CISA.
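The first two actions above amount to an inventory triage: AXIS Device Manager installs below 5.32 need an upgrade, while AXIS Camera Station Pro and AXIS Camera Station are named by the advisory but this debrief records no fixed version for them, so they should be routed to the Axis advisories and CISA Update B rather than guessed at. The Python below is an added example for this debrief, not a PatchSiren, CISA or Axis tool; the hostnames and version strings in the sample inventory are constructed, and the inventory format (host, product, version) is an assumption about whatever asset export you have.

```python
import re

# Fixed version this debrief records, per Axis: AXIS Device Manager 5.32 or later.
FIXED_VERSIONS = {"AXIS Device Manager": "5.32"}

# Products the advisory names but for which no fixed version is recorded here.
# They are flagged for manual review against the vendor advisories and CISA
# Update B; the script deliberately does not assume a fix level for them.
NAMED_WITHOUT_FIX = {"AXIS Camera Station Pro", "AXIS Camera Station"}

# Constructed sample inventory for illustration (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    {"host": "adm-01", "product": "AXIS Device Manager", "version": "5.31.12"},
    {"host": "adm-02", "product": "AXIS Device Manager", "version": "5.32"},
    {"host": "adm-03", "product": "AXIS Device Manager", "version": "5.4"},
    {"host": "acs-01", "product": "AXIS Camera Station Pro", "version": "6.0"},
    {"host": "vms-09", "product": "Other VMS", "version": "2.1"},
    {"host": "adm-04", "product": "AXIS Device Manager", "version": "unknown"},
]


def parse_version(text: str):
    """Return a tuple of integers, or None if the string carries no digits."""
    nums = re.findall(r"\d+", text)
    return tuple(int(n) for n in nums) if nums else None


def at_least(have: tuple, need: tuple) -> bool:
    """Numeric component-wise comparison with zero padding, so that
    5.4 < 5.32 (a string compare would get this backwards) and 5.32.0 >= 5.32."""
    width = max(len(have), len(need))
    have = have + (0,) * (width - len(have))
    need = need + (0,) * (width - len(need))
    return have >= need


def triage(product: str, version: str) -> str:
    """Classify one install: fixed / upgrade / unknown-version / review-advisory / not-in-advisory."""
    if product in FIXED_VERSIONS:
        have = parse_version(version)
        need = parse_version(FIXED_VERSIONS[product])
        if have is None:
            # An unparseable version cannot be proven fixed; surface it rather than pass it.
            return "unknown-version"
        return "fixed" if at_least(have, need) else "upgrade"
    if product in NAMED_WITHOUT_FIX:
        return "review-advisory"
    return "not-in-advisory"


def triage_inventory(rows: list) -> list:
    """Annotate every inventory row with its triage status."""
    return [{**row, "status": triage(row["product"], row["version"])} for row in rows]


def summarize(rows: list) -> dict:
    """Count hosts per status, for the remediation ticket."""
    counts = {}
    for row in triage_inventory(rows):
        counts[row["status"]] = counts.get(row["status"], 0) + 1
    return counts


if __name__ == "__main__":
    for row in triage_inventory(SAMPLE_INVENTORY):
        print(f"{row['host']:8} {row['product']:26} {row['version']:8} -> {row['status']}")
    print(summarize(SAMPLE_INVENTORY))
```

Anything in the "upgrade" or "unknown-version" buckets goes on the patch list; "review-advisory" hosts are not safe by default, they are the ones whose fix level you still have to pull from the Axis and CISA guidance.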
Evidence notes
This debrief is based only on the supplied CISA CSAF source corpus and the official links listed there. The corpus explicitly identifies the flaw as a client-server communication protocol issue that could enable MITM, and it provides a vendor remediation of AXIS Device Manager 5.32 or later. The advisory was published on 2025-12-18 and updated on 2026-01-22 (Update B) to clarify product versioning and mitigations.
Official resources
- CVE-2025-30024 CVE record (CVE.org)
- CVE-2025-30024 NVD detail (NVD)
- Source item URL: cisa_csaf
CISA published the advisory on 2025-12-18 and updated it on 2026-01-22 (Update B). The supplied source corpus does not add any KEV listing or exploitation evidence.