CVE-2025-30023

CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

9.0CRITICAL

EPSS

2.6%

top 14.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Camera Station Axis Camera Station PRO Axis Device Manager +3 more

Timeline

PublishedJul 11

Description

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages6 packages

▶CVEListV5axis_communications_ab/axis_camera_station<5.58

▶CVEListV5axis_communications_ab/axis_device_manager<5.32

▶CVEListV5axis_communications_ab/axis_camera_station_pro<6.9

▶NVDaxis/camera_station< 5.58.47195

▶NVDaxis/device_manager< 5.32.137

🔴Vulnerability Details

GHSA

GHSA-fjrg-m24m-jh2g: The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attac↗2025-07-11

▶

CVEList

CVE-2025-30023: The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attac↗2025-07-11

▶