CVE-2025-0324
📋 TL;DR
CVE-2025-0324 is a privilege escalation vulnerability in Axis VAPIX Device Configuration framework that allows authenticated low-privileged users to gain administrator privileges. This affects Axis network cameras and video encoders with VAPIX API enabled. Attackers can take full control of affected devices.
💻 Affected Systems
- Axis network cameras
- Axis video encoders
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to reconfigure devices, disable security features, access video streams, pivot to internal networks, or install persistent malware.
Likely Case
Attackers gain administrative access to modify device settings, disable recording, access sensitive video feeds, or use devices as footholds for lateral movement.
If Mitigated
Limited impact if devices are isolated in separate VLANs with strict network segmentation and access controls preventing lateral movement.
🎯 Exploit Status
Requires authenticated access but low complexity for exploitation once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: VAPIX firmware 2025.1.1 or later
Vendor Advisory: https://www.axis.com/dam/public/04/f3/1c/cve-2025-0324pdf-en-US-483807.pdf
Restart Required: Yes
Instructions:
1. Download the latest firmware from the Axis support portal.
2. Back up the device configuration.
3. Upload the firmware via the web interface.
4. Apply the update.
5. Reboot the device.
6. Verify the firmware version.
🔧 Temporary Workarounds
Disable VAPIX API
Temporarily disable the VAPIX API to prevent exploitation until the device is patched.
Navigate to device web interface > System Options > Advanced > Plain Config > Set 'VAPIX.Enabled' to 'no'
Restrict VAPIX Access
Limit VAPIX API access to trusted IP addresses only.
Navigate to device web interface > System Options > Security > IP Address Filter > Add allowed IP ranges for VAPIX
🧯 If You Can't Patch
- Isolate affected devices in separate VLAN with strict firewall rules
- Implement network segmentation to prevent lateral movement from compromised devices
🔍 How to Verify
Check if Vulnerable:
Check firmware version via web interface: System Options > Support > System Overview > Firmware version
Check Version:
curl -k -u <user>:<password> "https://<device-ip>/axis-cgi/param.cgi?action=list&group=Properties.Firmware.Version"
Verify Fix Applied:
Verify firmware version is 2025.1.1 or later and test privilege escalation attempts fail
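A small version-check helper, added here as an example and not taken from the advisory or from Axis. It assumes that param.cgi answers with one key=value line per parameter (root.Properties.Firmware.Version=...), that the device accepts HTTP digest or basic authentication, and it compares versions numerically against the 2025.1.1 threshold stated above rather than as strings. The sample response is constructed.

```python
import re
import sys
import urllib.request
from typing import Optional, Tuple

# Minimum fixed version stated in the advisory.
FIXED_VERSION = "2025.1.1"

# Constructed sample of a param.cgi response; the key=value line format is an assumption.
SAMPLE_RESPONSE = "root.Properties.Firmware.Version=2024.12.3\n"


def parse_version(text: str) -> Optional[str]:
    """Extract the firmware version string from param.cgi output, or None if absent."""
    m = re.search(r"^root\.Properties\.Firmware\.Version=(\S+)\s*$", text, re.MULTILINE)
    return m.group(1) if m else None


def version_tuple(v: str) -> Tuple[int, ...]:
    """Turn '2025.1.1' into (2025, 1, 1); a non-numeric suffix such as '1-beta' keeps only the digits."""
    parts = []
    for piece in v.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group(0)))
    return tuple(parts)


def is_patched(version: str, minimum: str = FIXED_VERSION) -> bool:
    """Numeric comparison: '2025.1.10' is newer than '2025.1.9', which a string compare gets wrong.
    A version with fewer components than the minimum (e.g. '2025.1') is treated as not patched."""
    return version_tuple(version) >= version_tuple(minimum)


def assess(text: str) -> str:
    """Human-readable verdict for a param.cgi response body."""
    v = parse_version(text)
    if v is None:
        return "unknown: firmware version not found in response"
    if is_patched(v):
        return f"{v}: patched (>= {FIXED_VERSION})"
    return f"{v}: VULNERABLE (below {FIXED_VERSION})"


def fetch_version_text(host: str, user: str, password: str) -> str:
    """Query the device (hypothetical usage; needs network access and a valid account).
    The query is the same one shown in the curl example above."""
    url = f"https://{host}/axis-cgi/param.cgi?action=list&group=Properties.Firmware.Version"
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    opener = urllib.request.build_opener(
        urllib.request.HTTPDigestAuthHandler(mgr),
        urllib.request.HTTPBasicAuthHandler(mgr),
    )
    with opener.open(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    if len(sys.argv) == 4:
        host, user, password = sys.argv[1:4]
        print(assess(fetch_version_text(host, user, password)))
    else:
        # Offline demonstration on the constructed sample.
        print(assess(SAMPLE_RESPONSE))
```

Run it as `python check_axis_version.py <device-ip> <user> <password>` against a device, or with no arguments to see the verdict for the constructed sample. Certificate verification is left enabled on purpose; if a device uses a self-signed certificate, add its CA to the trust store rather than disabling verification in the script.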
📡 Detection & Monitoring
Log Indicators:
- Multiple failed privilege escalation attempts
- Unexpected user privilege changes
- Configuration changes from non-admin users
Network Indicators:
- Unusual VAPIX API requests from internal IPs
- Multiple authentication attempts followed by privilege escalation patterns
SIEM Query:
source="axis-device-logs" AND (event_type="privilege_escalation" OR user_privilege_change="true")
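The log and network indicators above, turned into a detection routine that runs over sample lines. This is an added example, not part of the advisory and not Axis's log format: the key=value line layout, the field names (user, role, action, new_role, src) and the sample events are all constructed. It flags configuration changes made by non-admin accounts and any privilege change, and marks a privilege change that follows a burst of authentication failures from the same source address.

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample log lines; the format is an assumption for this example only.
SAMPLE_LOGS = """\
2025-03-01T10:00:01Z cam01 user=operator1 role=operator action=auth_failure src=10.0.5.12
2025-03-01T10:00:02Z cam01 user=operator1 role=operator action=auth_failure src=10.0.5.12
2025-03-01T10:00:03Z cam01 user=operator1 role=operator action=auth_success src=10.0.5.12
2025-03-01T10:00:04Z cam01 user=operator1 role=operator action=config_change param=Recording.R0.Enabled value=no src=10.0.5.12
2025-03-01T10:00:05Z cam01 user=operator1 role=operator action=privilege_change new_role=admin src=10.0.5.12
2025-03-01T10:05:00Z cam01 user=root role=admin action=config_change param=Time.NTP.Server value=ntp.example src=10.0.1.5
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line: str) -> Dict[str, str]:
    """Split '<ts> <host> k=v k=v ...' into a dict; returns {} for lines that do not fit."""
    parts = line.split(" ", 2)
    if len(parts) < 3:
        return {}
    ts, host, rest = parts
    fields = dict(FIELD_RE.findall(rest))
    fields["ts"] = ts
    fields["host"] = host
    return fields


def detect(log_text: str, failure_threshold: int = 2) -> List[Dict[str, object]]:
    """Return one alert dict per suspicious event, in log order.

    Rules (mirroring the indicators listed in the advisory):
      - config_change_by_non_admin: a configuration change where role != admin
      - privilege_change: any event that changes a user's role; additionally marked
        preceded_by_auth_failures when the same src had >= failure_threshold failures
    """
    alerts: List[Dict[str, object]] = []
    failures: Dict[str, int] = defaultdict(int)  # auth failures per source address

    for line in log_text.splitlines():
        ev = parse_line(line.strip())
        if not ev:
            continue
        action = ev.get("action")
        src = ev.get("src", "?")

        if action == "auth_failure":
            failures[src] += 1
            continue

        if action == "config_change" and ev.get("role") != "admin":
            alerts.append({
                "rule": "config_change_by_non_admin",
                "ts": ev["ts"], "host": ev["host"], "user": ev.get("user"),
                "role": ev.get("role"), "param": ev.get("param"), "src": src,
            })

        if action == "privilege_change":
            alerts.append({
                "rule": "privilege_change",
                "ts": ev["ts"], "host": ev["host"], "user": ev.get("user"),
                "from_role": ev.get("role"), "to_role": ev.get("new_role"), "src": src,
                "preceded_by_auth_failures": failures[src] >= failure_threshold,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOGS):
        print(alert)
```

Feed it real device logs by replacing `parse_line` with a parser for the log format your devices actually emit; the rules themselves only depend on the role, action and source fields.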