CVE-2025-5718 is a vulnerability identified in Axis Communications AB's AXIS OS version 12.0.0, specifically affecting the ACAP Application framework. The vulnerability stems from improper link resolution before file access (CWE-59), commonly known as a 'link following' issue. This flaw enables a symlink attack where an attacker can escalate privileges by exploiting how the system resolves symbolic links before accessing files. The attack vector requires that the Axis device be configured to allow installation of unsigned ACAP applications, which is not the default setting. Additionally, the attacker must convince a legitimate user to install a malicious ACAP application, making user interaction necessary. The CVSS v3.1 score is 6.8 (medium severity), reflecting network attack vector, low attack complexity, high privileges required, user interaction, and high impact on confidentiality, integrity, and availability. No public exploits or patches are currently available, indicating the vulnerability is newly disclosed and not yet widely exploited. The vulnerability could allow attackers to gain elevated privileges on the device, potentially leading to unauthorized access, manipulation of device functions, or disruption of services.

If exploited, this vulnerability could allow attackers to escalate privileges on Axis devices running AXIS OS 12.0.0, potentially gaining administrative control. This could lead to unauthorized access to sensitive video surveillance data, manipulation or disabling of security functions, and disruption of device availability. Organizations relying on Axis devices for physical security, especially in critical infrastructure, government, or enterprise environments, could face significant confidentiality, integrity, and availability risks. The requirement for user interaction and installation of a malicious application limits the attack scope but does not eliminate risk, particularly in environments where unsigned app installation is permitted. The compromise of such devices could facilitate lateral movement within networks or serve as a foothold for further attacks.

1. Disable the installation of unsigned ACAP applications on all Axis devices unless absolutely necessary. 2. Implement strict application whitelisting and only allow ACAP applications from trusted, verified sources. 3. Educate users and administrators about the risks of installing unverified applications and enforce policies to prevent installation of unauthorized software. 4. Monitor devices for unusual activity or unauthorized application installations. 5. Apply any future patches or updates from Axis Communications promptly once available. 6. Employ network segmentation to isolate Axis devices from critical network segments to limit potential lateral movement. 7. Conduct regular security audits of device configurations to ensure compliance with security best practices.