CVE-2025-12063 is a medium severity vulnerability identified in Axis Communications AB's AXIS Camera Station Pro, specifically version 6. The root cause is an insecure direct object reference (IDOR), classified under CWE-639, which allows a non-administrative user to bypass authorization controls. This flaw enables such users to modify or delete certain data objects that should be restricted to administrators, thereby compromising data integrity. The vulnerability does not affect confidentiality or availability but poses a risk to the integrity of the system's data. The CVSS 3.1 vector (AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N) indicates that the attack requires adjacent network access (e.g., local network), low attack complexity, and low privileges but no user interaction. The scope remains unchanged, meaning the impact is confined to the vulnerable component. No public exploits or patches are currently available, which suggests that organizations must rely on compensating controls until a patch is released. The vulnerability is particularly concerning for environments where AXIS Camera Station Pro is used to manage critical video surveillance infrastructure, as unauthorized data modification could disrupt security monitoring or forensic evidence integrity.

For European organizations, the impact centers on the potential unauthorized modification or deletion of surveillance data or configuration objects within AXIS Camera Station Pro. This could undermine physical security operations, tamper with evidence, or disrupt incident response processes. Organizations in sectors such as transportation, government, critical infrastructure, and large enterprises relying on Axis video surveillance systems are at heightened risk. The integrity compromise could lead to undetected security breaches or false security alerts. Since the vulnerability requires adjacent network access and low privileges, insider threats or attackers who gain limited network access could exploit it. The absence of confidentiality and availability impact reduces the risk of data leakage or system downtime but does not diminish the importance of maintaining data integrity in security systems.

1. Implement strict network segmentation to isolate AXIS Camera Station Pro systems from general user networks, limiting adjacent network access to trusted administrators only. 2. Review and tighten user role assignments and permissions within the AXIS Camera Station Pro environment to ensure least privilege principles are enforced. 3. Monitor logs and audit trails for unusual modification or deletion activities related to data objects managed by the system. 4. Employ network-level access controls such as VLANs and firewall rules to restrict access to the camera management system. 5. Until an official patch is released, consider deploying compensating controls such as multi-factor authentication for all users with modification privileges and enhanced monitoring for insider threat detection. 6. Engage with Axis Communications for updates on patch availability and apply them promptly once released. 7. Conduct regular security assessments and penetration testing focused on access control mechanisms within the surveillance infrastructure.