CVE-2025-5718: CWE-59: Improper Link Resolution Before File Access ('Link Following') in Axis Communications AB AXIS OS
The ACAP Application framework could allow privilege escalation through a symlink attack. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
AI Analysis
Technical Summary
CVE-2025-5718 is a vulnerability classified under CWE-59 (Improper Link Resolution Before File Access, also known as 'Link Following') affecting the ACAP Application framework in Axis Communications AB's AXIS OS version 12.0.0. The vulnerability arises because the framework does not properly validate symbolic links before accessing files, allowing an attacker to craft a symlink attack that leads to privilege escalation. Specifically, if an Axis device is configured to allow the installation of unsigned ACAP applications, an attacker can convince a legitimate user or administrator to install a malicious ACAP application containing a crafted symlink. This malicious app can exploit the improper link resolution to escalate privileges, potentially gaining higher system rights than intended. The attack vector is network-based (AV:N), requires low attack complexity (AC:L), but needs high privileges (PR:H) and user interaction (UI:R) to succeed. The scope is unchanged (S:U), but the impact on confidentiality, integrity, and availability is high (C:H/I:H/A:H), meaning a successful exploit could fully compromise the device. No patches or known exploits are currently reported, but the vulnerability is published and assigned a CVSS v3.1 score of 6.8, indicating a medium severity. This vulnerability is particularly relevant for environments where unsigned ACAP app installation is enabled, which is not the default setting, thus limiting the attack surface but still posing a risk if misconfigured.
Potential Impact
For European organizations, especially those deploying Axis Communications devices in surveillance, physical security, or critical infrastructure monitoring, this vulnerability poses a significant risk. Successful exploitation could allow attackers to escalate privileges on the device, potentially leading to unauthorized access to sensitive video feeds, manipulation or disruption of security monitoring, and lateral movement within internal networks. The confidentiality of surveillance data could be compromised, integrity of device configurations altered, and availability of security services disrupted. Given the reliance on Axis devices in sectors like transportation, government facilities, and utilities across Europe, the impact could extend to national security and public safety. The requirement for user interaction and installation of unsigned apps limits mass exploitation but targeted attacks against high-value organizations remain a concern. The absence of known exploits suggests a window for proactive mitigation before active exploitation occurs.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should first verify and disable the installation of unsigned ACAP applications on all Axis devices unless absolutely necessary. This setting is the primary enabler of the attack vector. Implement strict access controls and user permissions to prevent unauthorized app installations, ensuring only trusted administrators can deploy ACAP applications. Conduct regular audits of installed ACAP apps to detect any unauthorized or suspicious applications. Network segmentation should be employed to isolate Axis devices from general user networks, reducing exposure to potential attackers. Monitoring and alerting for unusual device behavior or installation attempts can provide early detection. Organizations should also engage with Axis Communications for any forthcoming patches or updates addressing this vulnerability and plan timely deployment. Additionally, educating users and administrators about the risks of installing unsigned applications and social engineering tactics can reduce the likelihood of successful exploitation.
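The symlink issue described in the technical summary and the audit step recommended above can both be approached by inspecting an application package before it is installed. The following is an added example, not code from Axis or from this advisory; it assumes the package is a tar archive (real ACAP packaging may differ, so treat the `.eap`-as-tar assumption as hypothetical) and flags any member whose path, symlink target or hard-link target resolves outside the package root, which is exactly the condition a CWE-59 extraction bug would follow into the host filesystem.

```python
import io
import posixpath
import tarfile


def _escapes_root(path):
    """True if a normalized POSIX path is absolute or climbs above the root."""
    norm = posixpath.normpath(path)
    return norm.startswith("/") or norm.split("/")[0] == ".."


def _link_escapes(member):
    """Resolve a link target lexically and report whether it leaves the root."""
    if member.issym():
        # Symlink targets are relative to the directory containing the link.
        target = posixpath.join(posixpath.dirname(member.name), member.linkname)
    else:
        # Hard-link targets in tar are relative to the archive root.
        target = member.linkname
    return _escapes_root(target)


def find_unsafe_links(package_bytes):
    """Return (member name, reason) for every entry that could escape the root."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(package_bytes), mode="r:*") as tar:
        for m in tar.getmembers():
            if _escapes_root(m.name):
                findings.append((m.name, "member path escapes package root"))
            elif (m.issym() or m.islnk()) and _link_escapes(m):
                findings.append((m.name, "link target %r escapes package root" % m.linkname))
    return findings


def is_safe_to_install(package_bytes):
    return not find_unsafe_links(package_bytes)


def build_sample_package():
    """Constructed sample archive: one script, one safe symlink, two unsafe ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        data = b"#!/bin/sh\necho hello\n"
        info = tarfile.TarInfo("app/run.sh")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, target in [("app/local_alias", "run.sh"),           # stays inside
                             ("app/abs_link", "/usr/local/bin"),      # absolute target
                             ("app/up_link", "../../outside.txt")]:   # climbs above root
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = target
            tar.addfile(link)
    return buf.getvalue()
```

The check is lexical only; a defender should run it on the archive before extraction, since a link that is itself installed and later followed by a privileged component is the pattern the advisory describes. On Python 3.12 and later, `tarfile`'s `filter="data"` extraction filter rejects the same classes of entry at extraction time.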
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy
Technical Details
- Data Version: 5.2
- Assigner Short Name: Axis
- Date Reserved: 2025-06-05T06:47:16.056Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6912de4da26e42951cdeabd2
Added to database: 11/11/2025, 6:57:17 AM
Last enriched: 12/11/2025, 9:13:47 PM
Last updated: 1/7/2026, 8:46:33 AM