6,500 Axis Servers Expose Remoting Protocol; 4,000 in U.S. Vulnerable to Exploits

Aug 07, 2025Ravie LakshmananVulnerability / Threat Intelligence

Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.

“The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view camera feeds,” Claroty researcher Noam Moshe said.

“Furthermore, using internet scans of exposed Axis.Remoting services, an attacker can enumerate vulnerable servers and clients, and carry out granular, highly targeted attacks.”

The list of identified flaws is below –

• CVE-2025-30023 (CVSS score: 9.0) – A flaw in the communication protocol used between client and server that could lead to an authenticated user performing a remote code execution attack (Fixed in Camera Station Pro 6.9, Camera Station 5.58, and Device Manager 5.32)
• CVE-2025-30024 (CVSS score: 6.8) – A flaw in the communication protocol used between client and server that could be leveraged to execute an adversary-in-the-middle (AitM) attack (Fixed in Device Manager 5.32)
• CVE-2025-30025 (CVSS score: 4.8) – A flaw in the communication protocol used between the server process and the service control that could lead to a local privilege escalation (Fixed in Camera Station Pro 6.8 and Device Manager 5.32)
• CVE-2025-30026 (CVSS score: 5.3) – A flaw in the Axis Camera Station Server that could lead to an authentication bypass (Fixed in Camera Station Pro 6.9 and Camera Station 5.58)

Successful exploitation of the aforementioned vulnerabilities could allow an attacker to assume an AitM position between the Camera Station and its clients, effectively making it possible to alter requests/responses and execute arbitrary actions on either the server or client systems. There is no evidence that the issues have been exploited in the wild.

Claroty said it found more than 6,500 servers that expose the proprietary Axis.Remoting protocol and its services over the internet, out of which nearly 4,000 of them are located in the U.S.

“Successful exploits give attackers system-level access on the internal network and the ability to control each of the cameras within a specific deployment,” Moshe noted. “Feeds can be hijacked, watched, and/or shut down. Attackers can exploit these security issues to bypass authentication to the cameras and gain pre-authentication remote code execution on the devices.”

Upgrade your audio game with the Logitech for Creators Blue Yeti USB Microphone. With over 33,730 ratings and an impressive 4.6 out of 5 stars, it’s no wonder this is an Amazon’s Choice product. Recently, 5K+ units were purchased in the past month.

Available in five stunning colors: Teal, Silver, Pink Dawn, Midnight Blue, and Blackout, this microphone is perfect for creators looking to produce exceptional audio. Priced at only $84.99, it’s a deal you can’t afford to miss.

Elevate your recordings with clear broadcast-quality sound and explore your creativity with enhanced effects, advanced modulation, and HD audio samples. Order now for just $84.99 on Amazon!

Help Power Techcratic’s Future – Scan To Support

If Techcratic’s content and insights have helped you, consider giving back by supporting the platform with crypto. Every contribution makes a difference, whether it’s for high-quality content, server maintenance, or future updates. Techcratic is constantly evolving, and your support helps drive that progress.

As a solo operator who wears all the hats, creating content, managing the tech, and running the site, your support allows me to stay focused on delivering valuable resources. Your support keeps everything running smoothly and enables me to continue creating the content you love. I’m deeply grateful for your support, it truly means the world to me! Thank you!