CVE-2025-5452 is a vulnerability identified in Axis Communications AB's AXIS OS version 12.0.0, specifically related to the Axis Camera Application Platform (ACAP). The vulnerability arises from improper handling of sensitive information during process invocation, classified under CWE-214. A malicious ACAP application, if installed on a vulnerable device, can gain access to admin-level service account credentials that are intended for legitimate ACAP applications. This credential exposure enables the malicious application to escalate its privileges, potentially compromising the device's security posture. Exploitation requires two key conditions: the Axis device must be configured to allow installation of unsigned ACAP applications, and an attacker must successfully convince a user or administrator to install the malicious ACAP application. The vulnerability affects confidentiality, integrity, and availability, as the attacker can misuse elevated privileges to manipulate device functions or extract sensitive data. The CVSS v3.1 base score is 6.6 (medium severity), reflecting network attack vector, high attack complexity, requirement for high privileges, no user interaction, and high impact on confidentiality, integrity, and availability. No patches or known exploits are currently reported, indicating the vulnerability is newly disclosed and not yet actively exploited. The issue highlights the risk of allowing unsigned application installations and the importance of secure application management on IoT and network devices.

For European organizations, especially those deploying Axis network cameras and devices in critical infrastructure, manufacturing, transportation, and public safety sectors, this vulnerability poses a significant risk. Compromise of admin-level credentials can lead to unauthorized access, manipulation, or disruption of surveillance systems, undermining physical security and operational continuity. Confidentiality breaches could expose sensitive video feeds or device configurations, while integrity violations could allow attackers to alter device behavior or firmware. Availability impacts could result from denial-of-service or device malfunction caused by malicious applications with escalated privileges. Given the reliance on Axis devices in many European enterprises and public institutions, exploitation could facilitate broader network infiltration or espionage. The requirement for user installation of malicious ACAP apps somewhat limits the attack surface but does not eliminate risk, especially in environments with less stringent device management or where social engineering is feasible.

1. Disable the installation of unsigned ACAP applications on all Axis devices to prevent unauthorized or malicious app deployment. 2. Implement strict access controls and authentication mechanisms to limit who can install or manage ACAP applications. 3. Regularly audit installed ACAP applications and remove any that are not verified or necessary. 4. Educate users and administrators about the risks of installing untrusted applications and enforce policies against installing software from unverified sources. 5. Monitor device logs and network traffic for unusual activity that could indicate exploitation attempts. 6. Coordinate with Axis Communications for timely updates or patches once available and apply them promptly. 7. Segment network zones to isolate Axis devices from critical infrastructure and reduce lateral movement opportunities. 8. Employ endpoint detection and response (EDR) tools capable of identifying anomalous behavior on network devices. 9. Maintain an inventory of all Axis devices and their firmware versions to ensure vulnerable versions are identified and remediated. 10. Consider deploying additional security layers such as network access control (NAC) to enforce device compliance.