Cyber Resilience

CVE-2025-30023

Severity: Critical
Published: 11 July 2025
Modified: 23 January 2026
KEV Added: not listed
Patch: no patch details in the available data
CVSS Score: 9.0 (v3.1), vector CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score: 0.0657 (91.4th percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-30023 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Axis Camera Station. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.6% of all CVEs by exploit likelihood (EPSS), but it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-30023 is a critical-severity flaw (CVSS 9.0) in the client-server communication protocol of Axis Camera Station that permits deserialization of untrusted data (CWE-502). The vulnerability resides in the protocol handling between endpoints and allows an authenticated participant to trigger remote code execution on the server.

An attacker holding low-privileged credentials and positioned on an adjacent network (AV:A, PR:L) can exploit the issue without user interaction (UI:N). Successful exploitation has full impact on confidentiality, integrity, and availability (C:H/I:H/A:H), and because the scope is changed (S:C) that impact extends beyond the vulnerable component itself.

The single reference points to an Axis advisory document, but no specific mitigation steps, patch details, or affected product versions are supplied in the available data. EPSS remains flat at 0.0657 with no material increase since disclosure.

Vulnerability details

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

CWE(s): CWE-502 (Deserialization of Untrusted Data)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-assigned)

- T1190 Exploit Public-Facing Application (Initial Access): adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1210 Exploitation of Remote Services (Lateral Movement): adversaries may exploit remote services to gain unauthorized access to internal systems once inside a network.

Why these techniques?

The deserialization flaw in the authenticated client-server protocol directly enables remote code execution on the server: a low-privileged user on an adjacent network can turn it into full compromise of the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

- CVE-2025-11547 (same product: Axis Camera Station Pro)
- CVE-2025-11142 (same vendor: Axis)
- CVE-2024-47259 (same vendor: Axis)
- CVE-2025-62420 (shared CWE-502)
- CVE-2024-57766 (shared CWE-502)
- CVE-2026-40858 (shared CWE-502)
- CVE-2024-13770 (shared CWE-502)
- CVE-2026-27303 (shared CWE-502)
- CVE-2025-53586 (shared CWE-502)
- CVE-2025-64353 (shared CWE-502)

Affected Assets

| Vendor | Product            | Affected versions |
|--------|--------------------|-------------------|
| Axis   | Camera Station     | ≤ 5.58.47195      |
| Axis   | Camera Station Pro | ≤ 6.9.47069       |
| Axis   | Device Manager     | ≤ 5.32.137        |

Mitigating Controls (NIST 800-53 r5, AI-assigned)

- SI-2 Flaw Remediation (prevent): mandates timely identification, reporting, and correction of flaws such as the deserialization vulnerability in CVE-2025-30023, closing the remote code execution path once a fix is available.
- SI-10 Information Input Validation (prevent): requires validation of all information inputs from untrusted sources, including client-server protocol messages, so that malicious serialized data is rejected before it can be deserialized and lead to code execution.
- RA-5 Vulnerability Monitoring and Scanning (detect): provides vulnerability scanning to identify critical issues like CVE-2025-30023 in the affected Axis products for prioritized remediation.
