
6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Susceptible to Exploits


Aug 07, 2025 | Ravie Lakshmanan | Vulnerability / Risk Intelligence


Cybersecurity researchers have disclosed a number of security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.

“The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view camera feeds,” Claroty researcher Noam Moshe said.

“Furthermore, using internet scans of exposed Axis.Remoting services, an attacker can enumerate vulnerable servers and clients, and carry out granular, highly targeted attacks.”


The list of identified flaws is below –

  • CVE-2025-30023 (CVSS score: 9.0) – A flaw in the communication protocol used between client and server that could lead to an authenticated user performing a remote code execution attack (Fixed in Camera Station Pro 6.9, Camera Station 5.58, and Device Manager 5.32)
  • CVE-2025-30024 (CVSS score: 6.8) – A flaw in the communication protocol used between client and server that could be leveraged to execute an adversary-in-the-middle (AitM) attack (Fixed in Device Manager 5.32)
  • CVE-2025-30025 (CVSS score: 4.8) – A flaw in the communication protocol used between the server process and the service control that could lead to a local privilege escalation (Fixed in Camera Station Pro 6.8 and Device Manager 5.32)
  • CVE-2025-30026 (CVSS score: 5.3) – A flaw in the Axis Camera Station Server that could lead to an authentication bypass (Fixed in Camera Station Pro 6.9 and Camera Station 5.58)

Successful exploitation of the aforementioned vulnerabilities could allow an attacker to assume an AitM position between the Camera Station and its clients, effectively making it possible to alter requests/responses and execute arbitrary actions on either the server or client systems. There is no evidence that the issues have been exploited in the wild.


Claroty said it found more than 6,500 servers that expose the proprietary Axis.Remoting protocol and its services over the internet, out of which nearly 4,000 of them are located in the U.S.

“Successful exploits give attackers system-level access on the internal network and the ability to control each of the cameras within a specific deployment,” Moshe noted. “Feeds can be hijacked, watched, and/or shut down. Attackers can exploit these security issues to bypass authentication to the cameras and gain pre-authentication remote code execution on the devices.”
