CVE-2025-30027

Medium CVSS 6.7

Overview

An ACAP configuration file lacked sufficient input validation, which could allow for arbitrary code execution. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application.

CWE: CWE-1287 Published: 2025-08-12T06:15:25.617

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.7 (MEDIUM)
Detected tags: rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags