CVE-2025-7622: CWE-918: Server-Side Request Forgery (SSRF) in Axis Communications AB AXIS Camera Station Pro
During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources on the server was discovered.
AI Analysis
Technical Summary
CVE-2025-7622 is a Server-Side Request Forgery (SSRF) vulnerability identified in Axis Communications AB's AXIS Camera Station Pro version 6. SSRF vulnerabilities allow an attacker to induce the server-side application to make HTTP requests to arbitrary destinations, including internal resources that are otherwise unreachable from outside the network.

In this case, the vulnerability requires the attacker to be authenticated with low privileges (PR:L), but it requires no user interaction (UI:N) and has no special attack requirements (AT:N). It affects the confidentiality, integrity, and availability of internal network resources to a limited extent (VC:L, VI:L, VA:L). The CVSS 4.0 base score is 5.1, a medium severity level. The attack vector is adjacent network (AV:A), meaning the attacker must already have some network access to the device, typically within the same local or VPN network.

The vulnerability was discovered during an internal security assessment and allows an authenticated attacker to access internal resources on the server, potentially bypassing network segmentation or firewall protections. No known exploits are currently reported in the wild, and no patches have been published yet. It is classified under CWE-918, which covers SSRF issues where the server is tricked into making unintended requests. The vulnerability's scope is limited to the affected version 6 of AXIS Camera Station Pro, video management software used for managing Axis network cameras and video encoders.
Potential Impact
For European organizations, this SSRF vulnerability poses a moderate risk, especially for those using AXIS Camera Station Pro version 6 to manage surveillance infrastructure. Exploitation could allow an attacker with valid credentials to access internal network resources that are normally protected, potentially leading to unauthorized data access, reconnaissance of internal systems, or pivoting attacks within the network. This could compromise sensitive video feeds, internal management interfaces, or other critical infrastructure components connected to the same network. Given the use of video surveillance in sectors such as critical infrastructure, transportation, government facilities, and corporate environments across Europe, the impact could extend to privacy violations, operational disruptions, and regulatory compliance issues under GDPR if personal data is exposed. The medium severity score reflects that while the vulnerability requires authentication and network proximity, the potential for lateral movement and internal resource exposure makes it a significant concern for organizations with high-value internal assets.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should:
1) Immediately verify whether they are running AXIS Camera Station Pro version 6 and restrict access to the management interface to trusted administrators only, preferably via VPN or secure network segments.
2) Enforce strong authentication and access controls to limit the number of users who can authenticate to the system, reducing the attack surface.
3) Monitor network traffic for unusual outbound requests originating from the AXIS Camera Station Pro server that could indicate SSRF exploitation attempts.
4) Segment the network to isolate the camera management system from sensitive internal resources, minimizing the impact of potential SSRF exploitation.
5) Apply any forthcoming patches or updates from Axis Communications as soon as they become available.
6) Conduct regular security assessments and penetration tests focusing on internal network access controls and SSRF vulnerabilities.
7) Implement web application firewalls (WAF) or intrusion detection systems (IDS) that can detect and block SSRF patterns targeting the camera management system.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: Axis
- Date Reserved: 2025-07-14T05:12:26.078Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 689ace7fad5a09ad002d1130
Added to database: 8/12/2025, 5:17:51 AM
Last enriched: 8/12/2025, 5:33:00 AM
Last updated: 8/20/2025, 4:45:37 PM
Related Threats
- CVE-2025-52351: n/a (High)
- CVE-2025-52352: n/a (High)
- CVE-2025-7051: CWE-284 in N-able N-central (High)
- CVE-2025-57768: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Alanaktion phproject (Medium)
- CVE-2025-55524: n/a (High)