CVE-2025-6571 is a vulnerability classified under CWE-522 (Insufficiently Protected Credentials) affecting Axis Communications AB's AXIS OS versions 11.11.0 and 12.0.0. The issue stems from a third-party component within AXIS OS that exposes its password in the process arguments, which are accessible to other processes and users with sufficient privileges on the same system. This exposure allows low-privileged users who have high privileges (PR:H) on the system to retrieve sensitive credentials without requiring user interaction (UI:N). The vulnerability has a CVSS 3.1 base score of 6.0, indicating medium severity, with the attack vector being local (AV:L), high attack complexity (AC:H), and scope unchanged (S:U). The impact on confidentiality and integrity is high (C:H/I:H), while availability impact is low (A:L). Since the password is exposed in process arguments, it can be accessed by inspecting the process list or command-line arguments, which is a common technique for local attackers or malicious insiders. No known exploits are currently reported in the wild, and no official patches have been released at the time of publication. The vulnerability highlights a design flaw in credential handling within AXIS OS, potentially enabling attackers with local access to escalate privileges or move laterally by leveraging exposed credentials. AXIS OS is widely used in network video recorders and IP cameras, which are critical components in physical security infrastructures.

For European organizations, this vulnerability poses a significant risk to the confidentiality and integrity of credentials used within AXIS OS devices, such as IP cameras and video recorders. Exposure of passwords could allow attackers with local access to gain unauthorized control over these devices, potentially leading to unauthorized surveillance, data leakage, or pivoting to other network segments. This is particularly concerning for sectors relying heavily on physical security systems, including government facilities, transportation hubs, critical infrastructure, and large enterprises. The low availability impact means service disruption is less likely, but the compromise of credentials can facilitate stealthy attacks and persistent access. Given the local attack vector and high privilege requirement, the threat is more relevant to insider threats or attackers who have already breached perimeter defenses. However, once exploited, the attacker could undermine the security posture of the entire network segment where these devices operate, increasing the risk of broader compromise.

1. Restrict local access to AXIS OS devices strictly to trusted administrators and personnel to minimize the risk of local exploitation. 2. Implement strict access controls and monitoring on systems hosting AXIS OS to detect unauthorized process inspection or suspicious activity. 3. Use endpoint detection and response (EDR) tools to monitor for attempts to read process arguments or access sensitive credentials. 4. Apply network segmentation to isolate AXIS OS devices from critical network resources, limiting lateral movement opportunities. 5. Regularly audit user privileges to ensure no unnecessary high-privilege accounts exist on devices running AXIS OS. 6. Monitor vendor communications closely and apply patches or updates as soon as they become available to address this vulnerability. 7. Consider deploying additional credential protection mechanisms such as credential vaulting or hardware security modules if supported. 8. Educate administrators about the risks of credential exposure and the importance of secure credential management practices.