CVE-2025-56266: n/a
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
AI Analysis
Technical Summary
CVE-2025-56266 is a Host Header Injection vulnerability identified in Avigilon Access Control Manager (ACM) version 7.10.0.20. This vulnerability allows an attacker to supply a crafted URL whose host portion is sent as a malicious Host header value, which the application improperly processes. Host Header Injection occurs when a web application uses the Host header value from an HTTP request without proper validation or sanitization. In this case, the vulnerability enables an attacker to execute arbitrary code on the affected system by manipulating the Host header. This could lead to remote code execution (RCE), allowing the attacker to gain control over the affected server or device. The vulnerability is particularly critical because it leverages a common HTTP header that is often trusted by web applications for routing, generating links, or security checks. The lack of a CVSS score suggests this is a newly published vulnerability with limited public information or exploit data. No patches or fixes have been linked yet, and no known exploits are reported in the wild. The affected version is specifically Avigilon ACM v7.10.0.20, a version of Avigilon's physical access control software used to manage security devices such as cameras and access points. Given the nature of the vulnerability, exploitation likely requires sending a crafted HTTP request with a malicious Host header to the vulnerable web interface of the ACM software. The vulnerability could be exploited remotely without authentication if the ACM interface is exposed or accessible to attackers. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of the affected systems and the broader physical security infrastructure managed by Avigilon ACM.
Potential Impact
For European organizations using Avigilon ACM v7.10.0.20, this vulnerability could have severe consequences. Avigilon ACM is widely used in critical infrastructure, government facilities, corporate campuses, and other high-security environments across Europe. Successful exploitation could allow attackers to execute arbitrary code, potentially leading to full system compromise. This could result in unauthorized access to physical security controls, manipulation or disabling of surveillance cameras, and disruption of access control systems. The breach of physical security systems could facilitate further attacks, including theft, espionage, or sabotage. Additionally, the compromise of these systems could lead to significant reputational damage, regulatory penalties under GDPR for failure to protect critical infrastructure, and operational downtime. The impact is heightened in sectors such as transportation, energy, healthcare, and government, where physical security is tightly integrated with cybersecurity. The absence of known exploits in the wild provides a limited window for mitigation, but the potential for rapid exploitation once details become public is high. Organizations with internet-facing ACM interfaces or insufficient network segmentation are at increased risk.
Mitigation Recommendations
1. Immediate network-level controls: Restrict access to the Avigilon ACM web interface to trusted internal networks only. Implement firewall rules and VPN access to prevent exposure to the internet.
2. Input validation and monitoring: Although a patch is not yet available, organizations should monitor HTTP requests to the ACM interface for suspicious Host header values and anomalous traffic patterns.
3. Segmentation: Isolate the ACM servers within a secure network segment with strict access controls to limit lateral movement in case of compromise.
4. Vendor engagement: Engage with Avigilon support to obtain information on patches or mitigations and apply updates as soon as they become available.
5. Incident response readiness: Prepare to detect and respond to potential exploitation attempts by enabling detailed logging and monitoring of ACM server activity.
6. Temporary workaround: If feasible, implement web application firewalls (WAF) or reverse proxies that validate and sanitize Host headers before forwarding requests to the ACM server.
7. Review and harden authentication and authorization mechanisms on the ACM platform to reduce the impact of potential code execution.
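Recommendations 2 and 6 both come down to the same control: decide which Host values the ACM interface is legitimately reached by, and treat everything else as either malformed or not allowlisted. The following Python is an added illustration written for this page; it is not Avigilon code and not part of the original analysis. It assumes a hypothetical allowlist (ALLOWED_HOSTS) of the names and addresses an organization uses for its ACM interface, and the log format and log lines it scans are constructed for the example. The same normalize-then-allowlist check is what a reverse proxy or WAF in front of ACM would apply before forwarding a request (recommendation 6); running it over access logs gives the monitoring in recommendation 2.

```python
"""Host header allowlist check for a proxy/WAF in front of Avigilon ACM, plus
a scan of constructed access-log lines for Host values that should be
investigated. Added example; hostnames, log format and log lines are
constructed, not taken from a real deployment."""
import ipaddress
import re
from typing import Optional

# Assumption: these are the only names/addresses by which the ACM web
# interface is legitimately addressed. Anything else is rejected or flagged.
ALLOWED_HOSTS = {"acm.corp.example", "acm-backup.corp.example", "10.20.30.40"}

# Accepts a DNS name / IPv4 literal or a bracketed IPv6 literal, with an
# optional ":port" suffix. Anything else (userinfo, paths, control
# characters, whitespace) fails to match and is treated as malformed.
_HOST_RE = re.compile(
    r"^(?P<host>\[[0-9A-Fa-f:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$"
)


def normalize_host(raw: Optional[str]) -> Optional[str]:
    """Return the canonical host (lowercased, port removed) or None if the
    value is not a syntactically valid Host header."""
    if raw is None:
        return None
    value = raw.strip()
    if not value or len(value) > 253:
        return None
    m = _HOST_RE.fullmatch(value)
    if not m:
        return None
    host = m.group("host").lower()
    port = m.group("port")
    if port is not None and not (0 < int(port) <= 65535):
        return None
    if host.startswith("["):
        # Bracketed IPv6 literal: must parse as an address.
        try:
            ipaddress.IPv6Address(host[1:-1])
        except ValueError:
            return None
        return host
    # DNS-style name or IPv4: reject empty or overlong labels ("a..b", ".x").
    labels = host.split(".")
    if any(not label or len(label) > 63 for label in labels):
        return None
    return host


def is_allowed_host(raw: Optional[str]) -> bool:
    """What a proxy/WAF would evaluate before forwarding to ACM."""
    host = normalize_host(raw)
    return host is not None and host in ALLOWED_HOSTS


# Constructed log format: <timestamp> <client_ip> "<Host header>" <method> <path> <status>
_LOG_RE = re.compile(r'^(\S+) (\S+) "([^"]*)" (\S+) (\S+) (\d{3})$')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2025-09-08T17:01:02Z 10.20.31.7 "acm.corp.example" GET /login 200
2025-09-08T17:01:09Z 10.20.31.7 "ACM.corp.example:443" GET /api/status 200
2025-09-08T17:02:41Z 198.51.100.23 "acm.corp.example@other.example" GET /login 200
2025-09-08T17:02:42Z 198.51.100.23 "acm.corp.example.other.example" GET /login 200
2025-09-08T17:02:43Z 198.51.100.23 "203.0.113.5" GET /login 200
2025-09-08T17:03:00Z 10.20.31.9 "10.20.30.40" GET /healthz 200
"""


def find_suspicious_hosts(log_text: str) -> list:
    """Return one finding per log line whose Host header is malformed or not
    on the allowlist; lines that cannot be parsed are also reported."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = _LOG_RE.match(line)
        if not m:
            findings.append({"line": lineno, "client": None, "host": None,
                             "reason": "unparseable log line"})
            continue
        _ts, client, host, _method, _path, _status = m.groups()
        canonical = normalize_host(host)
        if canonical is None:
            reason = "malformed Host header"
        elif canonical not in ALLOWED_HOSTS:
            reason = "Host not in allowlist"
        else:
            continue
        findings.append({"line": lineno, "client": client, "host": host, "reason": reason})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_hosts(SAMPLE_LOG):
        print(f"line {finding['line']}: {finding['reason']} from {finding['client']}: {finding['host']!r}")
```

Two design points carry over to a real deployment: the check compares a normalized value (case folded, port stripped) against an exact allowlist rather than looking for the expected name as a substring, which is why "acm.corp.example.other.example" is rejected; and any value that does not parse as a bare host is refused outright instead of being cleaned up and passed on.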
Affected Countries
Germany, United Kingdom, France, Italy, Spain, Netherlands, Belgium, Sweden, Poland, Switzerland
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-08-16T00:00:00.000Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 68bf0f70d5a2966cfc81c062
Added to database: 9/8/2025, 5:16:32 PM
Last enriched: 9/8/2025, 5:31:51 PM
Last updated: 9/9/2025, 12:57:32 AM
Related Threats
- CVE-2025-10123: Command Injection in D-Link DIR-823X (Medium)
- CVE-2025-10122: SQL Injection in Maccms10 (Medium)
- CVE-2025-42958: CWE-250: Execution with Unnecessary Privileges in SAP_SE SAP NetWeaver (Critical)
- CVE-2025-42944: CWE-502: Deserialization of Untrusted Data in SAP_SE SAP NetWeaver (RMI-P4) (Critical)
- CVE-2025-42938: CWE-79: Improper Neutralization of Input During Web Page Generation in SAP_SE SAP NetWeaver ABAP Platform (Medium)