CVE-2025-8108: CWE-1287: Improper Validation of Specified Type of Input in Axis Communications AB AXIS OS
An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.
AI Analysis
Technical Summary
CVE-2025-8108 is a vulnerability identified in Axis Communications AB's AXIS OS version 12.0.0, specifically related to the handling of ACAP (Axis Camera Application Platform) configuration files. The core issue stems from improper validation of input types (CWE-1287) and improper permissions (CWE-732) on these configuration files. ACAP applications extend the functionality of Axis network devices, such as IP cameras, by allowing custom applications to run on the device. This vulnerability can be exploited if the device is configured to permit the installation of unsigned ACAP applications, which bypasses the normal security checks that ensure only trusted code runs on the device. An attacker must first convince a victim to install a malicious ACAP application, which then leverages the improper input validation and insecure file permissions to escalate privileges on the device. The CVSS v3.1 score of 6.7 (medium severity) reflects that exploitation requires local access (AV:L), low attack complexity (AC:L), and high privileges (PR:H), but no user interaction (UI:N). The impact includes potential full compromise of the device’s confidentiality, integrity, and availability, allowing attackers to manipulate device functions, access sensitive data streams, or disrupt operations. No known exploits have been reported in the wild, but the vulnerability poses a significant risk in environments where unsigned ACAP installation is enabled. The lack of vendor patches at the time of publication means mitigation relies on configuration changes and monitoring.
Potential Impact
For European organizations, particularly those deploying Axis network devices for video surveillance, physical security, or critical infrastructure monitoring, this vulnerability presents a tangible risk of privilege escalation. Exploitation could allow attackers to gain elevated control over devices, potentially leading to unauthorized access to video feeds, tampering with device configurations, or causing denial of service. This could undermine security operations, violate privacy regulations such as GDPR, and disrupt business continuity. Sectors like transportation, government facilities, utilities, and large enterprises that rely heavily on Axis devices are at heightened risk. The requirement for local access and high privileges limits remote exploitation but insider threats or compromised internal networks could facilitate attacks. The absence of known exploits reduces immediate risk but also means organizations must proactively address the vulnerability before attackers develop exploits.
Mitigation Recommendations
1. Disable the installation of unsigned ACAP applications on all Axis devices to prevent untrusted code execution.
2. Review and tighten file system permissions on ACAP configuration files to ensure they are not writable or accessible by unauthorized users or applications.
3. Implement strict access controls and network segmentation to limit local access to Axis devices, reducing the attack surface.
4. Monitor device logs and network traffic for signs of unauthorized ACAP application installations or suspicious activity.
5. Engage with Axis Communications for updates and patches addressing this vulnerability and apply them promptly once available.
6. Conduct regular security audits of Axis devices and ACAP application usage policies.
7. Train staff on the risks of installing unverified applications and enforce policies to prevent social engineering attacks that could lead to malicious ACAP app installation.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Axis
- Date Reserved: 2025-07-24T07:37:55.384Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 6912e1d7a26e42951ce3f061
Added to database: 11/11/2025, 7:12:23 AM
Last enriched: 12/11/2025, 9:15:12 PM
Last updated: 2/7/2026, 4:37:19 PM