Critical flaws expose 6,500 Axis video surveillance servers, including 4,000 in US

While no active exploitation of the vulnerabilities has been detected, researchers urge prompt patching and network reviews, warning that compromised surveillance systems could pose serious threats to both physical security and data privacy

Cybersecurity researchers have uncovered multiple high-risk vulnerabilities in video surveillance products made by Axis Communications, warning that the flaws could enable attackers to take control of camera networks if exploited.

According to Claroty security researcher Noam Moshe, the weaknesses affect the Axis Device Manager — used for configuring and managing large fleets of cameras — and the Axis Camera Station, client software that displays live video feeds. Exploiting these flaws could allow pre-authentication remote code execution, enabling attackers to seize full control over targeted systems.

Researchers warned that attackers could identify vulnerable devices by scanning for exposed Axis.Remoting services online, paving the way for highly targeted intrusions.

Details of the vulnerabilities

The security issues, tracked under CVE identifiers, range in severity:

·       CVE-2025-30023 (CVSS 9.0) — Enables remote code execution via flaws in the client-server communication protocol.

·       CVE-2025-30024 (CVSS 6.8) — Allows adversary-in-the-middle (AitM) attacks against the communication channel.

·       CVE-2025-30025 (CVSS 4.8) — Could lead to local privilege escalation through server–service control protocol weaknesses.

·       CVE-2025-30026 (CVSS 5.3) — Enables authentication bypass in the Axis Camera Station Server.

Axis Communications has released security updates addressing these flaws in Camera Station Pro 6.9, Camera Station 5.58, and Device Manager 5.32.

Potential impact

Claroty’s scans revealed over 6,500 servers exposing the proprietary Axis.Remoting protocol worldwide, with nearly 4,000 located in the United States. If exploited, attackers could intercept and manipulate data between cameras and clients, hijack or disable video feeds, and gain system-level access within internal networks.

“These vulnerabilities could allow full operational control of every connected camera in a deployment, including altering or stopping video streams,” Moshe said.

No known exploitation yet

There is currently no evidence that the vulnerabilities have been used in real-world attacks. However, researchers urge all users to apply the latest patches immediately and review network configurations to limit unnecessary exposure.

The discovery underscores the growing security risks in connected surveillance systems, which, if compromised, can threaten both physical security and data privacy.