
CVE-2025-6779: CWE-732: Incorrect Permission Assignment for Critical Resource in Axis Communications AB AXIS OS

Severity: Medium
Published: Tue Nov 11 2025 (11/11/2025, 07:05:51 UTC)
Source: CVE Database V5
Vendor/Project: Axis Communications AB
Product: AXIS OS

Description

An ACAP configuration file has improper permissions, which could allow command injection and potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

AI-Powered Analysis

Last updated: 11/11/2025, 07:27:59 UTC

Technical Analysis

CVE-2025-6779 identifies a vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) in Axis Communications AB's AXIS OS, specifically version 12.0.0. The issue stems from improper permissions set on an ACAP (Axis Camera Application Platform) configuration file. ACAP allows custom applications to run on Axis devices, enhancing functionality. However, if the device is configured to allow installation of unsigned ACAP applications, an attacker who convinces a user to install a malicious ACAP app can exploit this vulnerability. The improper permissions enable command injection, which can escalate privileges on the device, potentially granting the attacker full control. The CVSS v3.1 score is 6.7, reflecting medium severity with high impact on confidentiality, integrity, and availability, but requiring local access with high privileges and no user interaction beyond installation. No patches or known exploits are currently reported, but the vulnerability poses a risk to environments where unsigned ACAP apps are allowed. The vulnerability's exploitation path involves social engineering to install the malicious app and leveraging the misconfigured permissions to execute arbitrary commands, leading to privilege escalation. This could compromise the device’s security, allowing attackers to manipulate surveillance data or disrupt device operation.

Potential Impact

For European organizations, this vulnerability could have significant consequences, especially for those relying on Axis network cameras and devices for physical security, surveillance, and monitoring. Successful exploitation could lead to unauthorized access to video feeds, manipulation or deletion of recorded data, and disruption of device availability, undermining security operations. Confidentiality breaches could expose sensitive surveillance footage, while integrity and availability impacts could impair incident response and safety measures. Sectors such as government, critical infrastructure, transportation, and large enterprises using Axis devices are particularly at risk. The requirement for local access and user installation of unsigned apps limits widespread exploitation but does not eliminate targeted attacks, especially insider threats or social engineering campaigns. The lack of current known exploits provides a window for mitigation, but organizations should act promptly to prevent potential compromise.

Mitigation Recommendations

To mitigate CVE-2025-6779, European organizations should:

1) Disable the installation of unsigned ACAP applications on all Axis devices to prevent unauthorized or malicious app deployment.
2) Review and correct file and directory permissions related to ACAP configuration files to ensure they follow the principle of least privilege.
3) Implement strict access controls and monitoring on devices to detect unauthorized configuration changes or app installations.
4) Educate users and administrators about the risks of installing unsigned applications and enforce policies against installing unverified software.
5) Regularly audit Axis devices for firmware updates and configuration compliance, even though no patch is currently available, to stay prepared for future fixes.
6) Segment network access to Axis devices to limit exposure to trusted personnel and systems only.
7) Employ endpoint detection and response (EDR) tools to identify suspicious activities related to ACAP app installations or command injection attempts.

These steps go beyond generic advice by focusing on configuration hardening, user awareness, and proactive monitoring tailored to the specific vulnerability context.
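The permission review in step 2 can be scripted as a CWE-732 check. The following is an added example, not code from Axis or from this advisory: it flags configuration files that an account other than a trusted owner could modify or replace. The directory layout and file names are constructed for the demo and are not real AXIS OS paths.

```python
import os
import stat
import tempfile

def audit_config_perms(root, trusted_uids=frozenset({0})):
    """Return sorted (relative_path, reason) findings for files under root
    that an account outside trusted_uids could modify or replace."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # A writable directory lets another user swap a file even when the
        # file's own mode is strict, unless the sticky bit is set.
        dir_open = bool(dmode & (stat.S_IWGRP | stat.S_IWOTH)) and not dmode & stat.S_ISVTX
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)          # lstat: do not follow symlinks
            rel = os.path.relpath(path, root)
            if stat.S_ISLNK(st.st_mode):
                findings.append((rel, "symlink"))
                continue
            if st.st_uid not in trusted_uids:
                findings.append((rel, "untrusted-owner"))
            if st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            elif st.st_mode & stat.S_IWGRP:
                findings.append((rel, "group-writable"))
            if dir_open:
                findings.append((rel, "parent-dir-writable"))
    return sorted(findings)

def build_sample_tree():
    """Constructed layout for the demo; not real AXIS OS paths."""
    root = tempfile.mkdtemp()
    app = os.path.join(root, "exampleapp")   # hypothetical application dir
    os.mkdir(app)
    os.chmod(app, 0o755)
    for name, mode in (("strict.conf", 0o640), ("loose.conf", 0o666)):
        path = os.path.join(app, name)
        with open(path, "w") as fh:
            fh.write("key=value\n")
        os.chmod(path, mode)
    return root

if __name__ == "__main__":
    # The demo files are owned by the current user, so trust that uid here.
    for rel, reason in audit_config_perms(build_sample_tree(), {os.getuid()}):
        print(f"{reason:22} {rel}")
```

On a real system, point `root` at the directory that holds the configuration files under review and leave `trusted_uids` at its default so that only root-owned files pass the ownership check.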


Technical Details

Data Version: 5.2
Assigner Short Name: Axis
Date Reserved: 2025-06-27T11:40:34.225Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 6912e1d7a26e42951ce3f05e

Added to database: 11/11/2025, 7:12:23 AM

Last enriched: 11/11/2025, 7:27:59 AM

Last updated: 11/12/2025, 11:07:46 AM
