CVE-2025-4645 is a vulnerability identified in Axis Communications AB's AXIS OS version 12.0.0, specifically related to the improper validation of the specified type of input in ACAP (Axis Camera Application Platform) configuration files. The root cause lies in insufficient input validation within the ACAP configuration file processing, which could allow an attacker to execute arbitrary code on the device. This vulnerability requires two key conditions for exploitation: first, the Axis device must be configured to permit the installation of unsigned ACAP applications, which is not the default and represents a weakened security posture; second, the attacker must convince the victim to install a malicious ACAP application, which could be achieved through social engineering or other means. Once installed, the malicious application can leverage the input validation flaw to execute arbitrary code, potentially gaining high privileges on the device. The CVSS v3.1 score is 6.7 (medium severity), reflecting that the attack vector is local (AV:L), requires low attack complexity (AC:L), but needs high privileges (PR:H) and no user interaction (UI:N). The impact on confidentiality, integrity, and availability is high, indicating that successful exploitation could lead to complete compromise of the device. No known exploits are currently reported in the wild, and no patches or mitigations have been officially published yet. The vulnerability is tracked under CWE-1287, which relates to improper validation of the specified type of input, a common source of security issues in software handling external inputs. This vulnerability is particularly relevant for organizations deploying Axis network devices with ACAP capabilities enabled and permissive unsigned app installation settings, as these configurations increase the attack surface.

For European organizations, the impact of CVE-2025-4645 can be significant, especially for those relying on Axis network devices for surveillance, access control, or other security-critical functions. Successful exploitation could allow attackers to execute arbitrary code on devices, potentially leading to unauthorized access, data leakage, manipulation of video streams, or disruption of security monitoring systems. This could compromise physical security, violate privacy regulations such as GDPR, and disrupt business operations. Critical infrastructure sectors including transportation, energy, government facilities, and large enterprises using Axis devices are at heightened risk. The requirement for local access and high privileges limits the attack scope but does not eliminate risk, particularly in environments where insider threats or lateral movement are possible. The absence of known exploits in the wild currently reduces immediate risk but vigilance is necessary given the potential impact. The medium severity rating suggests that while the vulnerability is serious, it is not trivially exploitable without specific conditions, allowing organizations time to implement mitigations.

To mitigate CVE-2025-4645, European organizations should first ensure that Axis devices are not configured to allow the installation of unsigned ACAP applications, as this is a primary enabler of the vulnerability. Organizations should enforce strict policies to only install ACAP applications signed by trusted sources and verify application integrity before deployment. Network segmentation should be employed to limit access to management interfaces of Axis devices, reducing the risk of local exploitation. Monitoring and logging of ACAP application installations and device configuration changes can help detect suspicious activities. Where possible, restrict administrative privileges to trusted personnel and implement multi-factor authentication to reduce the risk of privilege escalation. Organizations should stay alert for official patches or updates from Axis Communications and apply them promptly once available. Additionally, conducting regular security assessments and penetration testing focused on Axis devices and their configurations can help identify and remediate potential weaknesses. Finally, user awareness training to prevent social engineering attacks aimed at convincing users to install malicious ACAP applications is recommended.