CVE-2025-30027

EUVD-2025-24221
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAPĀ application.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
AxisCNA
6.7 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 8%
Affected Products (NVD)
VendorProductVersion
axisaxis_os
12.0.0 ≤
𝑥
< 12.5.36
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.axis.com/dam/public/ab/9a/a5/cve-2025-30027pdf-en-US-492762.pdf