PatchSiren cyber security CVE debrief
CVE-2025-30025 Axis Communications CVE debrief
CVE-2025-30025 is a medium-severity local privilege-escalation issue in the communication protocol between the server process and service control used by Axis Communications' AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager. The CISA CSAF advisory and Axis remediation guidance direct administrators to apply vendor-fixed versions and verify the exact target release for the installed product branch, especially because Update B revised the affected products and mitigations to clarify versioning.
- Vendor: Axis Communications
- Product: AXIS Camera Station Pro
- CVSS: MEDIUM 5.2
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2025-12-18
- Original CVE updated: 2026-01-22
- Advisory published: 2025-12-18
- Advisory updated: 2026-01-22
Who should care
Administrators, security teams, and support staff responsible for AXIS Camera Station Pro, AXIS Camera Station 5.x, and AXIS Device Manager deployments, especially on shared management workstations or systems where local users have access.
Technical summary
The supplied CISA CSAF advisory (ICSA-25-352-08) says a flaw in the communication protocol between the server process and service control could lead to local privilege escalation. The advisory metadata gives a CVSS 3.1 vector of AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L, indicating a local attack path with low privileges and no user interaction. The remediation entries list AXIS Camera Station Pro 6.9 or later, AXIS Camera Station 5.58 or later, and AXIS Device Manager 5.32 or later; Update B says the affected products and mitigations were revised to clarify product versioning and required mitigations.
Defensive priority
Medium. The flaw is local and not listed in KEV, but privilege escalation on an administration host can still be meaningful, especially where these tools manage cameras and related infrastructure.
Recommended defensive actions
- Inventory all systems running AXIS Camera Station Pro, AXIS Camera Station, or AXIS Device Manager.
- Upgrade affected installations to the vendor-recommended fixed version for the installed product branch.
- Re-check the latest Axis/CISA advisory before rollout, because Update B clarifies product versioning and required mitigations.
- If AXIS Camera Station 5.x is in use, follow the vendor's migration guidance to the supported fixed release path.
- Limit local logon and administrative access on systems that run these management tools.
- Apply least-privilege principles for accounts that can start, stop, or manage the affected services.
- Track vendor and CISA updates for any further mitigation or versioning clarification.
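Added example, not taken from the advisory or from Axis: a small triage helper for the inventory and upgrade steps above, which compares installed versions against the fixed versions listed in this debrief. The inventory rows, host names and the dotted-numeric version format are assumptions made for illustration; confirm the target versions against the current advisory before relying on the result.

```python
# Fixed versions as listed in this debrief's remediation entries
# (ICSA-25-352-08). Re-check them against the latest advisory revision.
FIXED = {
    "AXIS Camera Station Pro": (6, 9),
    "AXIS Camera Station": (5, 58),
    "AXIS Device Manager": (5, 32),
}

def parse_version(text):
    """Turn '5.57.33556' into (5, 57, 33556); None if not dotted-numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def triage(product, version):
    """Return 'fixed', 'needs-upgrade' or 'review' for one inventory row."""
    fixed = FIXED.get(product.strip())
    installed = parse_version(version)
    if fixed is None or installed is None:
        return "review"  # unknown product name or unparseable version
    # Compare component by component as integers: 5.9 is older than 5.58
    # and 6.10 is newer than 6.9, which string or float comparison gets wrong.
    return "fixed" if installed >= fixed else "needs-upgrade"

# Constructed inventory rows (host, product, version); not real systems.
INVENTORY = [
    ("vms-01", "AXIS Camera Station Pro", "6.10.2"),
    ("vms-02", "AXIS Camera Station Pro", "6.8"),
    ("vms-03", "AXIS Camera Station", "5.9.1"),
    ("ops-01", "AXIS Device Manager", "5.32"),
    ("ops-02", "AXIS Device Manager", "unknown"),
]

def report(rows):
    """Map each host to its triage status."""
    return {host: triage(product, version) for host, product, version in rows}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host}: {status}")
```

Rows marked "review" need a manual check of the installed product and version rather than an assumption either way.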
Evidence notes
This debrief is based only on the supplied CISA CSAF source item for ICSA-25-352-08 and the official links provided in the corpus. The source publication date is 2025-12-18 and the source was updated on 2026-01-22 (Update B). The advisory identifies the issue as a local privilege-escalation flaw in the communication protocol between the server process and service control, and it provides vendor remediation entries for AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager. No KEV entry is listed in the supplied enrichment data.
Official resources
- CVE-2025-30025 CVE record (CVE.org)
- CVE-2025-30025 NVD detail (NVD)
- Source item URL (cisa_csaf)
Publicly disclosed in the CISA CSAF advisory ICSA-25-352-08 on 2025-12-18 and updated on 2026-01-22 (Update B).