
Axis Camera Server Vulnerabilities Expose Thousands of Organizations to Attack


Claroty’s Team82 research unit has unveiled four vulnerabilities affecting Axis Communications’ widely deployed video surveillance ecosystem, potentially endangering thousands of organizations worldwide.

These flaws, centered on the proprietary Axis.Remoting communication protocol, enable pre-authentication remote code execution (RCE) on key components such as Axis Device Manager (ADM) and Axis Camera Station.

Axis, a leading Swedish provider of IP cameras and related systems, promptly acknowledged the issues and released patches following Team82’s private disclosure.

Critical Flaws in Proprietary Axis.Remoting Protocol

The vulnerabilities, tracked under CVEs including CVE-2025-30023 (CVSS v3.1 score of 9.0, classified as Critical due to CWE-502: Deserialization of Untrusted Data), stem from weaknesses in the protocol’s handling of mutual TLS (mTLS), NTLMSSP authentication, and JSON-based remote procedure calls (RPCs).

TLS wraps the socket used by Axis appliances.

Affected versions include AXIS Camera Station Pro prior to 6.9, AXIS Camera Station before 5.58 ...


Copyright of this story solely belongs to gbhackers.