CVE-2025-30027
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-12
Assigner: Axis Communications AB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| axis | axis_os | 12.0.0 |
| axis | axis_os | 12.5.36 |
| axis | axis_os | 12.5.35 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1287 | The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves an ACAP configuration file that lacks sufficient input validation, which could allow an attacker to execute arbitrary code. Exploitation requires the Axis device to be configured to allow installation of unsigned ACAP applications and for the attacker to convince the victim to install a malicious ACAP application.
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to arbitrary code execution on the affected Axis device, potentially compromising the device's confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, ensure that the Axis device is not configured to allow the installation of unsigned ACAP applications. Avoid installing ACAP applications from untrusted sources to prevent arbitrary code execution.