Axis Communications Ab Axis Device Manager vulnerabilities

CVE-2025-30023 [CRITICAL] CWE-502 CVE-2025-30023: The communication protocol used between client and server had a flaw that could lead to an authentic The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

CVE-2025-30024 [MEDIUM] CWE-295 CVE-2025-30024: The communication protocol used between client and server had a flaw that could be leveraged to exec The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.

CVE-2025-30025 [MEDIUM] CWE-502 CVE-2025-30025: The communication protocol used between the server process and the service control had a flaw that c The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation.

CVE-2021-31989 [MEDIUM] CWE-316 CVE-2021-31989: A user with permission to log on to the machine hosting the AXIS Device Manager client could under c A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.