CVE-2025-30027

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://www.axis.com/dam/public/ab/9a/a5/cve-2025-30027pdf-en-US-492762.pdf	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*

History

13 Jan 2026, 18:54

Type	Values Removed	Values Added
First Time		Axis axis Os Axis
References	~~() https://www.axis.com/dam/public/ab/9a/a5/cve-2025-30027pdf-en-US-492762.pdf -~~	() https://www.axis.com/dam/public/ab/9a/a5/cve-2025-30027pdf-en-US-492762.pdf - Vendor Advisory
CPE		cpe:2.3:o:axis:axis_os:::::active:::*

12 Aug 2025, 14:25

Type	Values Removed	Values Added
Summary		(es) Un archivo de configuración de ACAP carecía de suficiente validación de entrada, lo que podría permitir la ejecución de código arbitrario. Esta vulnerabilidad solo se puede explotar si el dispositivo Axis está configurado para permitir la instalación de aplicaciones ACAP no firmadas y si un atacante convence a la víctima para que instale una aplicación ACAP maliciosa.

12 Aug 2025, 06:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-12 06:15

Updated : 2026-01-13 18:54

NVD link : CVE-2025-30027

Mitre link : CVE-2025-30027

CVE.ORG link : CVE-2025-30027

JSON object : View

Products Affected

axis

axis_os

CWE

CWE-1287

Improper Validation of Specified Type of Input

6.7 /10