CVE-2025-30023: CWE-502 Deserialization of Untrusted Data in Axis Communications AB AXIS Camera Station Pro

Critical
Tags: Vulnerability, CVE-2025-30023, CWE-502
Published: Fri Jul 11 2025 (07/11/2025, 06:02:00 UTC)
Source: CVE Database V5
Vendor/Project: Axis Communications AB
Product: AXIS Camera Station Pro

Description

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

AI-Powered Analysis

Last updated: 07/11/2025, 06:31:11 UTC

Technical Analysis

CVE-2025-30023 is a critical vulnerability identified in Axis Communications AB's AXIS Camera Station Pro software versions prior to 6.9. The root cause of this vulnerability is a deserialization flaw (CWE-502) in the communication protocol between the client and server components of the product. Specifically, the protocol improperly handles untrusted serialized data, allowing an authenticated user to exploit this flaw to perform remote code execution (RCE) on the server. This vulnerability requires the attacker to have legitimate credentials (low privilege required) but does not require any user interaction beyond authentication. The CVSS v3.1 score of 9.0 reflects the critical nature of this vulnerability, with high impact on confidentiality, integrity, and availability, and a scope that affects the entire system. The vulnerability allows an attacker to execute arbitrary code remotely, potentially leading to full system compromise, data exfiltration, or disruption of video surveillance services. The flaw arises from unsafe deserialization practices, which can allow crafted serialized objects to trigger malicious code execution during the deserialization process. No known public exploits have been reported yet, but the criticality and nature of the vulnerability make it a high-priority risk for organizations using this software.

Potential Impact

For European organizations, the impact of this vulnerability can be significant, especially for entities relying on AXIS Camera Station Pro for physical security and surveillance. Successful exploitation could lead to unauthorized control over surveillance infrastructure, enabling attackers to disable or manipulate video feeds, compromise sensitive video data, or use the compromised system as a foothold for lateral movement within the network. This could affect critical infrastructure, government facilities, corporate offices, and public spaces, undermining physical security and potentially violating data protection regulations such as GDPR due to unauthorized access or data breaches. The disruption or manipulation of surveillance systems could also have safety implications in environments relying on real-time monitoring. Given the widespread use of Axis products in Europe, the vulnerability poses a tangible risk to organizations across sectors including transportation, utilities, manufacturing, and public administration.

Mitigation Recommendations

To mitigate this vulnerability, organizations should prioritize upgrading AXIS Camera Station Pro to version 6.9 or later, where the vulnerability has been addressed. If immediate upgrade is not feasible, organizations should restrict access to the management interfaces of the affected systems to trusted networks and users only, employing network segmentation and strict access controls. Implement multi-factor authentication (MFA) to reduce the risk of credential compromise. Monitoring and logging of authentication events and unusual activities on the camera management systems should be enhanced to detect potential exploitation attempts. Additionally, organizations should review and harden the configuration of the surveillance infrastructure, disable unnecessary services, and apply the principle of least privilege to user accounts. Regular vulnerability scanning and penetration testing focusing on physical security systems can help identify residual risks. Finally, maintaining an incident response plan that includes scenarios involving physical security system compromise is recommended.

Technical Details

Data Version
5.1
Assigner Short Name
Axis
Date Reserved
2025-03-14T05:27:55.732Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 6870ac27a83201eaacacabf3

Added to database: 7/11/2025, 6:16:07 AM

Last enriched: 7/11/2025, 6:31:11 AM

Last updated: 7/11/2025, 1:35:19 PM
