CVE-2025-11547 is a vulnerability identified in AXIS Camera Station Pro version 6.11, a widely deployed video management software used for security surveillance. The vulnerability is categorized under CWE-532, which involves the insertion of sensitive information into log files. This flaw enables a non-administrative user with local access to escalate privileges on the server, potentially gaining administrative control. The vulnerability has a CVSS v3.1 base score of 7.8, reflecting high severity due to its impact on confidentiality, integrity, and availability. The attack vector is local (AV:L), requiring low attack complexity (AC:L) and low privileges (PR:L), with no user interaction (UI:N) needed. The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H). Although no public exploits have been reported yet, the vulnerability poses a significant risk because it can allow unauthorized access to sensitive surveillance data and control over the camera management system. The flaw arises from improper handling of sensitive information in log files, which can be leveraged to perform privilege escalation. AXIS Camera Station Pro is critical in many organizations for monitoring and security, making this vulnerability a serious concern. The vendor has not yet released a patch, so organizations must implement interim mitigations and monitor for suspicious activity.

The potential impact of CVE-2025-11547 is substantial for organizations using AXIS Camera Station Pro, particularly those relying on it for critical security surveillance. Successful exploitation allows a non-admin user to escalate privileges, potentially gaining full administrative control over the server managing video feeds. This can lead to unauthorized access to sensitive video data, manipulation or deletion of logs, disruption of surveillance operations, and compromise of the integrity and availability of security monitoring. The breach of confidentiality could expose sensitive surveillance footage, threatening privacy and security. Integrity loss could allow attackers to alter or erase evidence, while availability impact could disrupt real-time monitoring and incident response. Given the local attack vector, insider threats or attackers with limited access could exploit this vulnerability. The absence of known exploits in the wild reduces immediate risk but does not eliminate it, especially as threat actors may develop exploits once the vulnerability is public. Organizations in sectors such as government, critical infrastructure, transportation, and large enterprises using Axis products are particularly at risk.

1. Apply vendor patches immediately once available to remediate the vulnerability in AXIS Camera Station Pro. 2. Until patches are released, restrict local user access to the server hosting the software, limiting permissions to only those necessary. 3. Implement strict access controls and monitoring on systems running AXIS Camera Station Pro to detect unauthorized privilege escalation attempts. 4. Regularly audit log files for signs of sensitive information leakage or suspicious entries that could indicate exploitation attempts. 5. Employ endpoint detection and response (EDR) solutions to monitor for abnormal behavior indicative of privilege escalation. 6. Isolate the surveillance management server within a segmented network zone to reduce exposure. 7. Educate administrators and users about the risks of local access and enforce strong authentication and session management. 8. Maintain up-to-date backups of configuration and log data to enable recovery in case of compromise. 9. Review and harden logging configurations to avoid sensitive information being recorded unnecessarily. 10. Coordinate with Axis Communications for timely updates and advisories regarding this vulnerability.