Cyber Posture

CVE-2025-30023

Critical

Published: 11 July 2025

Modified: 23 January 2026
CVSS Score: 9.0 (CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.0657 (91.2nd percentile)
Risk Priority: 22 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-30023 is a critical-severity Deserialization of Untrusted Data (CWE-502) vulnerability in Axis Camera Station. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 8.8% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and Exploitation of Remote Services (T1210).

What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

prevent: Mandates timely identification, reporting, and correction of flaws such as the deserialization vulnerability in CVE-2025-30023 to prevent remote code execution.

prevent (SI-10, Information Input Validation): Requires validation of all information inputs from untrusted sources, such as client-server protocol messages, to block malicious deserialized data that leads to code execution.

detect (RA-5, Vulnerability Monitoring and Scanning): Provides vulnerability scanning to identify critical issues like CVE-2025-30023 in affected Axis products for prioritized remediation.

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1210 Exploitation of Remote Services (Lateral Movement): Adversaries may exploit remote services to gain unauthorized access to internal systems once inside of a network.

Why these techniques?

The deserialization flaw in the authenticated client-server protocol directly enables remote code execution on the server: an attacker on an adjacent network holding low-privileged credentials can escalate to full compromise of the host.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

Deeper analysis

CVE-2025-30023 is a critical vulnerability (CVSS 3.1 score of 9.0) identified in the communication protocol between client and server components, classified under CWE-502 (Deserialization of Untrusted Data). Published on 2025-07-11, it affects Axis products, enabling an authenticated user to execute remote code on the server. The CVSS vector (AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) highlights its high severity due to complete confidentiality, integrity, and availability impacts with changed scope.

An attacker with low-privileged authenticated access on an adjacent network (AV:A) can exploit this flaw with low complexity and no user interaction required. Successful exploitation leads to remote code execution on the affected server, potentially allowing full compromise of the system, including data exfiltration, modification, or disruption.

Axis has issued an advisory detailing the issue, available at https://www.axis.com/dam/public/9b/a5/72/cve-2025-30023pdf-en-US-485733.pdf, which security practitioners should consult for patch information, workarounds, and affected product versions.

Details

CWE(s): CWE-502 (Deserialization of Untrusted Data)

Affected Products

Axis Camera Station ≤ 5.58.47195
Axis Camera Station Pro ≤ 6.9.47069
Axis Device Manager ≤ 5.32.137

CVEs Like This One

CVE-2025-11547 (same product: Axis Camera Station Pro)
CVE-2025-11142 (same vendor: Axis)
CVE-2024-47259 (same vendor: Axis)
CVE-2026-40858 (shared CWE-502)
CVE-2024-57766 (shared CWE-502)
CVE-2025-62420 (shared CWE-502)
CVE-2025-67617 (shared CWE-502)
CVE-2025-0359 (same vendor: Axis)
CVE-2026-2020 (shared CWE-502)
CVE-2025-49386 (shared CWE-502)
