Cve 2025 30023 Critical Rce Vulnerability Discovered In Axis Video We appreciate the efforts of security researchers and ethical hackers on improving security in axis products, solutions, and services. the vulnerability has been assigned a 9.0 (critical) severity by using the cvssv3.1 scoring system. A critical vulnerability has been identified in the communication protocol used between axis client and server components. the flaw allows an authenticated user to exploit insecure deserialization (cwe 502) to perform a remote code execution attack.
Cve 2025 30023 Critical Rce Vulnerability Discovered In Axis Video Are we missing a cpe here? please let us know. the communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. Successful exploitation of these vulnerabilities could result in an attacker executing arbitrary code, executing a man in middle style attack, or bypass authentication. the following versions of axis communications camera station pro, camera station, and device manager (update b) are affected:. Axis warns of a critical flaw (cve 2025 30023, cvss 9.0) in camera station pro 5 and device manager, allowing authenticated rce via protocol deserialization. update immediately. The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. the product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Active Axis Surveillance Product Exploitation Cve 2025 30023 4 5 6 Axis warns of a critical flaw (cve 2025 30023, cvss 9.0) in camera station pro 5 and device manager, allowing authenticated rce via protocol deserialization. update immediately. The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. the product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. A critical remote code execution vulnerability, tracked as cve‑2025‑30023 with cvss v3.1 base score 9.0, has been identified in axis communications’ video management products. Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from axis communications that, if successfully exploited, could expose them to takeover attacks. The most severe finding (cve‑2025‑30023) is an authenticated remote code execution (rce) vector in the client‑server communication protocol that impacts axis camera station pro, axis camera station, and axis device manager on certain version ranges. Thousands of organizations could be vulnerable to attack after researchers discovered four critical vulnerabilities in the products of axis communications, a leading manufacturer of cctv cameras and surveillance equipment.
Cve 2025 20338 Command Injection Vulnerability In Cisco Ios Xe Software A critical remote code execution vulnerability, tracked as cve‑2025‑30023 with cvss v3.1 base score 9.0, has been identified in axis communications’ video management products. Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from axis communications that, if successfully exploited, could expose them to takeover attacks. The most severe finding (cve‑2025‑30023) is an authenticated remote code execution (rce) vector in the client‑server communication protocol that impacts axis camera station pro, axis camera station, and axis device manager on certain version ranges. Thousands of organizations could be vulnerable to attack after researchers discovered four critical vulnerabilities in the products of axis communications, a leading manufacturer of cctv cameras and surveillance equipment.
Comments are closed.