CVE-2025-30026 is a medium-severity authentication-bypass issue in the AXIS Camera Station Server, tracked by CISA as ICSA-25-352-08 and updated in Version 3 (Update B). Axis recommends upgrading affected deployments to AXIS Camera Station Pro 6.9 or later and AXIS Camera Station 5.58 or later; the supplied advisory text also covers AXIS Device Manager, but the remediation details provided here only name [truncated]
CVE-2025-30025 is a medium-severity local privilege-escalation issue in the communication protocol between the server process and service control used by Axis Communications' AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager. The CISA CSAF advisory and Axis remediation guidance direct administrators to apply vendor-fixed versions and verify the exact target release for the installed pr [truncated]
CISA’s advisory for CVE-2025-30024 describes a flaw in the communication protocol between client and server that could be leveraged for a man-in-the-middle attack. The issue affects AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager. CISA’s Update B later clarified product versioning and required mitigations, so defenders should use the vendor and CISA guidance together when planning remediation.
CRITICALAxis CommunicationsCVE published 2025-12-18
Axis Communications and CISA describe a flaw in the communication protocol between client and server for AXIS Camera Station Pro, AXIS Camera Station, and AXIS Device Manager. An authenticated user could potentially leverage the issue to perform remote code execution. The supplied advisory rates the issue CVSS 3.1 9.0/CRITICAL (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). Update B, published 2026-01-22, clarifie [truncated]
