CVE-2025-8108 is a vulnerability identified in Axis Communications AB's AXIS OS version 12.0.0, specifically related to the handling of ACAP (Axis Camera Application Platform) configuration files. The root cause lies in improper validation of the input type and insecure file permissions, which can allow an attacker to escalate privileges on the device. This vulnerability is classified under CWE-1287 (Improper Validation of Specified Type of Input) and CWE-732 (Incorrect Permission Assignment for Critical Resource). Exploitation requires that the Axis device be configured to permit the installation of unsigned ACAP applications, which is not the default setting and represents a security risk if enabled. An attacker must convince a victim to install a malicious ACAP application, which then leverages the improper input validation and file permission weaknesses to gain elevated privileges. The CVSS v3.1 base score is 6.7, indicating a medium severity level. The vector indicates that the attack requires local access (AV:L), low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), and impacts confidentiality, integrity, and availability (C:H/I:H/A:H). No public exploits have been reported yet, but the vulnerability poses a risk to devices configured insecurely. The vulnerability affects only version 12.0.0 of AXIS OS, and no patches have been published at the time of reporting. This vulnerability highlights the importance of secure configuration and strict permission controls on embedded device platforms.

If exploited, this vulnerability could allow an attacker to escalate privileges on an Axis device running AXIS OS 12.0.0, potentially gaining administrative control. This could lead to unauthorized access to sensitive video feeds, manipulation or disruption of device functionality, and compromise of the device’s integrity and availability. Given that Axis devices are widely used in surveillance and security infrastructure globally, such a compromise could undermine physical security, enable espionage, or disrupt critical monitoring systems. The requirement for local access and high privileges limits the attack surface but does not eliminate risk, especially in environments where unsigned ACAP application installation is enabled. The impact extends beyond individual devices to potentially affect entire security ecosystems relying on these devices, including government, corporate, and industrial sectors.

1. Disable the installation of unsigned ACAP applications on all Axis devices unless absolutely necessary and ensure only trusted, signed applications are installed. 2. Review and enforce strict file permission settings on ACAP configuration files to prevent unauthorized modification. 3. Monitor device configurations regularly to detect and prevent insecure settings that allow unsigned app installations. 4. Implement network segmentation and access controls to limit local access to Axis devices, reducing the risk of exploitation. 5. Educate users and administrators about the risks of installing untrusted ACAP applications and enforce policies to prevent such installations. 6. Stay alert for official patches or updates from Axis Communications and apply them promptly once available. 7. Employ intrusion detection systems to monitor for suspicious activity related to ACAP application installations or privilege escalation attempts. 8. Conduct regular security audits and vulnerability assessments on Axis devices within the network.