CVE-2025-30023

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

CVSS v3 9.0 CRITICAL

9.0^/10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 6.0

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:axis:camera_station::::::::
	cpe:2.3:a:axis:camera_station_pro::::::::
	cpe:2.3:a:axis:device_manager::::::::

History

23 Jan 2026, 21:14

Type	Values Removed	Values Added
References	~~() https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf -~~	() https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf - Vendor Advisory
CPE		cpe:2.3:a:axis:camera_station:::::::: cpe:2.3:a:axis:device_manager:::::::: cpe:2.3:a:axis:camera_station_pro::::::::
First Time		Axis camera Station Axis camera Station Pro Axis Axis device Manager

15 Jul 2025, 13:14

Type	Values Removed	Values Added
Summary		(es) El protocolo de comunicación utilizado entre el cliente y el servidor tenía una falla que podía llevar a que un usuario autenticado realizara un ataque de ejecución de código remoto.

11 Jul 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-11 06:15

Updated : 2026-01-23 21:14

NVD link : CVE-2025-30023

Mitre link : CVE-2025-30023

CVE.ORG link : CVE-2025-30023

JSON object : View

Products Affected

axis

camera_station
camera_station_pro
device_manager

CWE

CWE-502

Deserialization of Untrusted Data

9.0 /10