Local Privilege Escalation Vulnerability in Axis Communications Server Software
CVE-2025-30025

4.8MEDIUM

What is CVE-2025-30025?

A flaw in the communication protocol between the server process and the service control in Axis Communications' server software can be exploited to gain elevated access privileges. Attackers who successfully leverage this vulnerability could execute unauthorized commands with local system privileges, potentially compromising the integrity and security of the system.

Affected Version(s)

AXIS Camera Station <6

AXIS Camera Station Pro <6.8

AXIS Device Manager <5.32

References

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Noam Moshe of Claroty Team82
.
CVE-2025-30025 : Local Privilege Escalation Vulnerability in Axis Communications Server Software