CVE-2025-6779: CWE-732: Incorrect Permission Assignment for Critical Resource in Axis Communications AB AXIS OS
An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
AI Analysis
Technical Summary
CVE-2025-6779 is a vulnerability identified in Axis Communications AB's AXIS OS, specifically version 12.0.0. The root cause is improper permission assignment (CWE-732) on an ACAP configuration file, which is critical for the device's application control. This misconfiguration allows an attacker to perform command injection, potentially leading to privilege escalation on the device. However, exploitation is conditional: the Axis device must be configured to permit installation of unsigned ACAP applications, and the attacker must convince a legitimate user to install a malicious ACAP application. ACAP (Axis Camera Application Platform) allows custom applications to run on Axis devices, which are commonly used in network video surveillance. The vulnerability's CVSS 3.1 score is 6.7 (medium severity), with vector AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H, indicating local attack vector, low attack complexity, high privileges required, no user interaction, unchanged scope, and high impact on confidentiality, integrity, and availability. No public exploits have been reported yet, and no patches are currently linked, suggesting the need for proactive mitigation. This vulnerability could be leveraged to gain unauthorized control over Axis devices, potentially disrupting surveillance operations or exfiltrating sensitive video data.
Potential Impact
For European organizations, especially those relying on Axis network video devices for security and surveillance, this vulnerability poses a risk of unauthorized command execution and privilege escalation on critical infrastructure devices. Successful exploitation could lead to compromise of video feeds, disruption of security monitoring, and potential lateral movement within the network. Given the high confidentiality, integrity, and availability impact, attackers could manipulate or disable surveillance systems, undermining physical security and compliance with data protection regulations such as GDPR. The requirement for local access and high privileges limits remote exploitation but insider threats or compromised administrative accounts could facilitate attacks. Organizations in sectors like critical infrastructure, transportation, government, and large enterprises with extensive Axis device deployments are particularly at risk.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Disable the installation of unsigned ACAP applications unless absolutely necessary; enforce strict application signing policies.
2) Restrict administrative access to Axis devices to trusted personnel only, employing strong authentication and role-based access controls.
3) Monitor device logs and network traffic for unauthorized ACAP application installations or suspicious activity.
4) Apply any forthcoming patches or updates from Axis Communications promptly once available.
5) Conduct regular security audits of Axis devices and their configurations, focusing on permissions and application controls.
6) Educate users and administrators about the risks of installing untrusted ACAP applications to prevent social engineering exploitation.
7) Segment network zones to isolate surveillance devices from general IT infrastructure to limit lateral movement in case of compromise.
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Belgium
Technical Details
- Data Version: 5.2
- Assigner Short Name: Axis
- Date Reserved: 2025-06-27T11:40:34.225Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6912e1d7a26e42951ce3f05e
Added to database: 11/11/2025, 7:12:23 AM
Last enriched: 12/11/2025, 9:14:52 PM
Last updated: 2/4/2026, 7:19:21 PM