CVE-2025-4645: CWE-1287: Improper Validation of Specified Type of Input in Axis Communications AB AXIS OS
An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
AI Analysis
Technical Summary
CVE-2025-4645 is a vulnerability identified in Axis Communications AB's AXIS OS, specifically version 12.0.0, related to improper validation of input types in ACAP configuration files (CWE-1287). ACAP (Axis Camera Application Platform) allows custom applications to run on Axis devices, enhancing functionality. The vulnerability arises because the ACAP configuration file lacks sufficient input validation, which can be exploited to execute arbitrary code on the device. However, exploitation requires that the device be configured to allow installation of unsigned ACAP applications, which is typically disabled by default for security reasons. An attacker must first convince a user or administrator to install a malicious ACAP application, which then leverages the improper input validation to execute code with high privileges. The CVSS v3.1 score is 6.7 (medium): the attack vector is local (AV:L), attack complexity is low (AC:L), high privileges are required (PR:H), and no user interaction is needed (UI:N). The impact on confidentiality, integrity, and availability is high, meaning successful exploitation could lead to full compromise of the device. There are no known exploits in the wild yet, and no patches have been linked, indicating that mitigation currently relies on configuration management and monitoring. This vulnerability is significant for environments where Axis devices are used in critical security or surveillance roles, as compromised devices could be used for espionage, disruption, or lateral movement within networks.
Potential Impact
For European organizations, especially those relying on Axis network cameras and devices for security, surveillance, or industrial monitoring, this vulnerability poses a significant risk. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to full device compromise. This could result in unauthorized access to video feeds, manipulation or disabling of security monitoring, and use of compromised devices as footholds for further network intrusion. Confidentiality of sensitive surveillance data could be breached, integrity of device operation compromised, and availability of security systems disrupted. Given the high reliance on Axis devices in sectors such as critical infrastructure, transportation, government facilities, and corporate security across Europe, the impact could be severe. The requirement for high privileges and local access reduces the likelihood of widespread remote exploitation but insider threats or targeted attacks remain plausible. The absence of known exploits in the wild currently limits immediate risk but also means organizations should proactively address the vulnerability before exploitation occurs.
Mitigation Recommendations
- European organizations should immediately audit their Axis device configurations to ensure that installation of unsigned ACAP applications is disabled unless absolutely necessary.
- If unsigned ACAP app installation is required, implement strict controls on who can install applications and verify the integrity and source of all ACAP apps before installation.
- Network segmentation should be enforced to limit access to Axis devices to trusted administrators only.
- Monitoring and logging of ACAP application installations and device behavior should be enhanced to detect suspicious activity.
- Organizations should subscribe to Axis Communications security advisories and apply vendor patches promptly once released.
- Additionally, consider deploying endpoint detection and response (EDR) solutions on networks hosting these devices to detect anomalous behavior indicative of compromise.
- Regular security training for administrators managing Axis devices is recommended to prevent social engineering attempts that could lead to malicious app installation.
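The configuration audit recommended above can be scripted over settings already collected from each device. The following is an added example, not code from Axis or from this page: it flags devices where both preconditions named in the description hold (AXIS OS 12.0.0 and unsigned ACAP installation allowed). The `AllowUnsigned` parameter name and the XML reply shape are assumptions to verify against the VAPIX documentation for your firmware; host names, the second version string and the replies are constructed.

```python
import xml.etree.ElementTree as ET

AFFECTED_VERSIONS = {"12.0.0"}  # the only AXIS OS version this page lists

# Constructed inventory: firmware version plus the raw reply previously fetched
# from each device. Reply shape and parameter name are assumptions (see lead-in).
SAMPLE_INVENTORY = [
    {"host": "cam-lobby", "version": "12.0.0",
     "reply": '<reply result="ok"><param name="AllowUnsigned" value="true"/></reply>'},
    {"host": "cam-dock", "version": "12.0.0",
     "reply": '<reply result="ok"><param name="AllowUnsigned" value="false"/></reply>'},
    {"host": "cam-gate", "version": "11.11.73",
     "reply": '<reply result="ok"><param name="AllowUnsigned" value="true"/></reply>'},
    {"host": "cam-roof", "version": "12.0.0",
     "reply": "<html>401 Unauthorized</html>"},
]

def parse_allow_unsigned(reply_xml):
    """Return True/False for the setting, or None if the reply is unusable."""
    try:
        root = ET.fromstring(reply_xml)
    except ET.ParseError:
        return None
    if root.tag != "reply" or root.get("result") != "ok":
        return None
    for param in root.iter("param"):
        if param.get("name") == "AllowUnsigned":
            value = (param.get("value") or "").strip().lower()
            # Accept only the two expected literals; anything else is unknown.
            return {"true": True, "false": False}.get(value)
    return None

def classify(device):
    allow = parse_allow_unsigned(device["reply"])
    if allow is None:
        return "UNKNOWN"   # fail closed: setting could not be read, check manually
    if allow and device["version"] in AFFECTED_VERSIONS:
        return "EXPOSED"   # both preconditions from the advisory hold
    if allow:
        return "REVIEW"    # unsigned installs allowed on a version not listed here
    return "OK"

def audit(inventory):
    return {d["host"]: classify(d) for d in inventory}

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host:10s} {status}")
```

Devices reported as `UNKNOWN` are treated as unverified rather than safe, so an unreachable or unauthenticated device never passes the audit silently.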
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain
Technical Details
- Data Version: 5.2
- Assigner Short Name: Axis
- Date Reserved: 2025-05-13T07:37:53.136Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6912de4da26e42951cdeabcc
Added to database: 11/11/2025, 6:57:17 AM
Last enriched: 12/11/2025, 9:12:55 PM
Last updated: 1/8/2026, 10:02:17 AM