Axis Communications Camera Station Pro, Camera Station, and Device Manager (Update B)
Plan Patch | 9 | ICS-CERT ICSA-25-352-08 | Dec 18, 2025
Attack Vector: Adjacent
Auth Required: Low
Complexity: Low
User Interaction: None needed
Summary
Multiple vulnerabilities in AXIS Camera Station Pro, Camera Station, and Device Manager allow arbitrary code execution, man-in-the-middle attacks, and authentication bypass. The vulnerabilities are caused by insecure deserialization (CWE-502), improper certificate validation (CWE-295), and weak authentication mechanisms (CWE-288). Successful exploitation requires network access to the Camera Station device and valid user credentials. Impact includes unauthorized command execution on the management system, interception of video streams, and unauthorized access to camera configurations.
What this means
What could happen
An attacker with local network access and valid credentials could execute arbitrary code on the Camera Station management system, intercept unencrypted communication between cameras and the station, or bypass authentication to gain unauthorized control over video surveillance infrastructure.
Who's at risk
Water utilities, municipal electric systems, and other critical infrastructure operators managing AXIS camera surveillance systems for physical security monitoring. This affects anyone running AXIS Camera Station Pro (versions before 6.9), AXIS Camera Station (versions before 5.58), or AXIS Device Manager (versions before 5.32) for centralized video management and device administration.
How it could be exploited
An attacker with access to the local network (same subnet as the Camera Station appliance) and valid user credentials could exploit authentication or encryption weaknesses to execute arbitrary commands on the management system, allowing them to modify camera configurations, access video streams, or pivot to other network devices.
Prerequisites
- Network access to Camera Station device on local network
- Valid user account credentials for Camera Station
- Knowledge of device IP address and management port
- requires local network access
- requires valid credentials
- no patch available for some versions
- affects surveillance/monitoring systems supporting security operations
- man-in-the-middle attack possible
Exploitability
Moderate exploit probability (EPSS 2.6%)
Affected products (5)
5 with fix
Product | Affected Versions | Fix Status
AXIS Camera Station Pro | <6.8 | 6.9 or later
AXIS Camera Station | All 5.x | 5.58 or later
AXIS Camera Station Pro | <6.9 | 6.9 or later
AXIS Camera Station | <5.58 | 5.58 or later
AXIS Device Manager | <5.32 | 5.32 or later
Remediation & Mitigation
Do now
WORKAROUND: Restrict network access to Camera Station management interfaces using firewall rules; limit to authorized engineering and management workstations only
HARDENING: Enforce strong unique passwords for all Camera Station user accounts and disable default accounts
Schedule — requires maintenance window
Patching may require device reboot — plan for process interruption
HOTFIX: Upgrade AXIS Camera Station Pro to version 6.9 or later
HOTFIX: Upgrade AXIS Camera Station to version 5.58 or later
HOTFIX: Upgrade AXIS Device Manager to version 5.32 or later
Long-term hardening
HARDENING: Segment the Camera Station management network from general corporate network and operational networks