The AXIS Camera Station Server had a flaw that allowed
to bypass authentication that is normally required.

CVE Database V5

Detailed information about CVE-2025-30026: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Axis Communications AB AXIS Camera Station Pro a

CVE-2025-30026: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Axis Communications AB AXIS Camera Station Pro - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-30026: CWE-288: Authentication Bypass Using an Alternate Path or Channel in Axis Communications AB AXIS Camera Station Pro

The communication protocol used between client
and server had a flaw that could be leveraged to execute a man in the middle attack.

Detailed information about CVE-2025-30024: CWE-295 Improper Certificate Validation in Axis Communications AB AXIS Device Manager affecting Axis Communications A

CVE-2025-30024: CWE-295 Improper Certificate Validation in Axis Communications AB AXIS Device Manager - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-30024: CWE-295 Improper Certificate Validation in Axis Communications AB AXIS Device Manager

The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack.

Detailed information about CVE-2025-30023: CWE-502 Deserialization of Untrusted Data in Axis Communications AB AXIS Camera Station Pro affecting Axis Communicat

CVE-2025-30023: CWE-502 Deserialization of Untrusted Data in Axis Communications AB AXIS Camera Station Pro - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-30023: CWE-502 Deserialization of Untrusted Data in Axis Communications AB AXIS Camera Station Pro

Two critical credential vulnerabilities have been found in Kaseya's RapidFire Tools Network Detective

Source: https://www.galacticadvisors.com/release/critical-vulnerabilities-in-network-detective/

Two critical credential vulnerabilities have been identified in Kaseya's RapidFire Tools Network Detective, a widely used network assessment and management tool. These vulnerabilities pertain to the improper handling and protection of credentials within the application, potentially allowing unauthorized access to sensitive authentication data. While specific technical details are limited, the critical severity classification suggests that these flaws could enable attackers to extract or misuse credentials, leading to unauthorized access to network resources or administrative functions. The vulnerabilities likely stem from insecure storage, transmission, or management of credentials, which could be exploited remotely or locally depending on the deployment context. No known exploits have been reported in the wild yet, and no patches or affected versions have been explicitly disclosed, indicating that the issue is newly discovered and under active investigation. The source of this information is a Reddit NetSec post linking to Galactic Advisors, a cybersecurity advisory entity, which underscores the urgency and importance of addressing these vulnerabilities promptly. Given the nature of Network Detective as a tool used by managed service providers and IT administrators for network discovery and security assessments, exploitation of these vulnerabilities could compromise the confidentiality and integrity of network credentials, potentially cascading into broader network compromises.

Reddit NetSec

Detailed information about Two critical credential vulnerabilities have been found in Kaseya's RapidFire Tools Network Detective. Get real-time updates, technic

Two critical credential vulnerabilities have been found in Kaseya's RapidFire Tools Network Detective - Live Threat Intelligence - Threat Radar | OffSeq.com

Two critical credential vulnerabilities have been found in Kaseya's RapidFire Tools Network Detective

Reddit Discussion: Two critical credential vulnerabilities have been found in Kaseya's RapidFire Tools Network Detective

The communication protocol used between the
server process and the service control had a flaw that could lead to a local privilege escalation.

Detailed information about CVE-2025-30025: CWE-502 Deserialization of Untrusted Data in Axis Communications AB AXIS Device Manager affecting Axis Communications