CVE-2025-30025

CWE-502 — Deserialization of Untrusted Data4 documents4 sources

Severity

4.8MEDIUM

EPSS

0.1%

top 66.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Axis Camera Station PRO Axis Device Manager Axis Communications AB Axis Camera Station +2 more

Timeline

PublishedJul 11

Description

The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages5 packages

▶CVEListV5axis_communications_ab/axis_camera_station<6

▶CVEListV5axis_communications_ab/axis_device_manager<5.32

▶CVEListV5axis_communications_ab/axis_camera_station_pro<6.8

▶NVDaxis/device_manager< 5.32.137

▶NVDaxis/camera_station_pro< 6.8.43213

🔴Vulnerability Details

GHSA

GHSA-vjrh-7rvq-8ghw: The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation↗2025-07-11

▶

CVEList

CVE-2025-30025: The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation↗2025-07-11

▶