CVE-2025-0358
📋 TL;DR
This vulnerability in Axis Communications' VAPIX Device Configuration framework lets a user who already holds a lower-privileged account on the device escalate to administrator level. It affects Axis network video products that expose the VAPIX API. An attacker with existing low-privilege access can gain full control of an affected device.
💻 Affected Systems
- Axis network video products exposing the VAPIX API; the exact affected and patched firmware (AXIS OS) versions per product track are listed in the vendor advisory linked below
📦 What is this software?
VAPIX is Axis Communications' HTTP-based API for configuring and controlling Axis network cameras, encoders and related video products. The device's own web interface and management tools such as AXIS Device Manager use it, so it is reachable on any device whose web interface is reachable.
⚠️ Risk & Real-World Impact
Worst Case
Complete device compromise allowing attackers to reconfigure security settings, disable cameras, exfiltrate video footage, or use devices as network pivots.
Likely Case
Unauthorized administrative access to surveillance systems, enabling camera manipulation, footage deletion, or system reconfiguration.
If Mitigated
Limited impact if network segmentation and access controls keep untrusted parties from reaching the device at all. Note that the precondition is an account on the device, not just network reach: an insider, a shared operator password or a phished viewer account still meets it.
🎯 Exploit Status
Exploitation requires an existing, authenticated low-privilege account on the device. Detailed technical information is in the Axis advisory linked below.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: see the Axis security advisory for the patched firmware (AXIS OS) version on each product track
Vendor Advisory: https://www.axis.com/dam/public/35/90/85/cve-2025-0358pdf-en-US-483809.pdf
Restart Required: Yes
Instructions:
1. Download the latest firmware for your product from the Axis support portal.
2. Back up the device configuration.
3. Apply the firmware update via the device web interface or AXIS Device Manager.
4. Verify the update succeeded and restore the configuration if needed.
🔧 Temporary Workarounds
Limit VAPIX exposure
VAPIX is the management API that the device's own web interface and AXIS Device Manager are built on, so there is no supported switch that turns it off; Plain Config exposes device parameters, not an off-switch for the API. What can be reduced is who can call it: remove or disable operator and viewer accounts that are not needed, give each remaining low-privilege account a unique strong password, and stop sharing accounts between people or integrations, because holding one such account is the precondition for this bug.
Restrict Network Access
Limit access to the VAPIX interface to trusted networks only
Configure firewall rules so that only the VMS, management hosts and administrators' workstations can reach TCP ports 80 and 443 on the Axis devices; the devices should never be reachable from the Internet or from general user networks.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Axis devices from untrusted networks
- Enforce strong, unique credentials, audit the account list on every device, and remove low-privilege accounts that are no longer needed
🔍 How to Verify
Check if Vulnerable:
Compare the installed firmware version with the fixed version for the same product track in the Axis advisory. Only test the escalation itself with a low-privilege account on a lab device, using the details from the advisory, never on production cameras.
Check Version:
In the device web interface, open System Options > Support > System Overview (older firmware; newer AXIS OS shows the version under the System or Status pages), or read the VAPIX parameter Properties.Firmware.Version via /axis-cgi/param.cgi?action=list&group=Properties.Firmware.
Verify Fix Applied:
Confirm the reported firmware version is at or above the patched version for that product track, and, on a lab device, confirm the privilege escalation attempt from a low-privilege account now fails.
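An added example (not code from the page or from Axis) of the version check above: it parses the `param.cgi` output for `Properties.Firmware.Version` and compares it with a per-track fixed version. The fixed versions are placeholders, since this page does not state them; the sample response is constructed; the live query uses Digest authentication, which Axis devices use by default.

```python
import re
import ssl
import urllib.request

# Fixed AXIS OS versions are NOT stated on this page. These entries are
# placeholders keyed by firmware track (major.minor); fill them in from the
# Axis advisory, which lists the patched build per track.
FIXED_VERSIONS = {
    "11.11": "11.11.999",  # placeholder
    "10.12": "10.12.999",  # placeholder
}

# Constructed sample of what /axis-cgi/param.cgi?action=list&group=Properties.Firmware
# returns; keys carry a "root." prefix.
SAMPLE_RESPONSE = """root.Properties.Firmware.BuildDate=Jan 01 2025 00:00
root.Properties.Firmware.BuildNumber=1
root.Properties.Firmware.Version=11.11.73
"""


def parse_param_response(text: str) -> dict:
    """Parse param.cgi's 'Group.Name=value' lines into a dict."""
    params = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        params[key.strip()] = value.strip()
    return params


def parse_version(version: str) -> tuple:
    """'11.11.73' -> (11, 11, 73); missing fields pad with 0, suffixes are ignored."""
    nums = [int(p) for p in re.findall(r"\d+", version)[:3]]
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums)


def assess(version: str, fixed_versions: dict = FIXED_VERSIONS) -> str:
    """Compare within the device's own track: a 10.12 LTS build must be judged
    against the 10.12 fix, not against the newest 11.x release."""
    major, minor, _ = parse_version(version)
    fixed = fixed_versions.get(f"{major}.{minor}")
    if fixed is None:
        return "unknown-track"
    return "patched" if parse_version(version) >= parse_version(fixed) else "vulnerable"


def assess_response(text: str) -> tuple:
    """Return (version, verdict) for one param.cgi response."""
    version = parse_param_response(text).get("root.Properties.Firmware.Version")
    if version is None:
        return (None, "no-version-in-response")
    return (version, assess(version))


def fetch_firmware_params(host: str, user: str, password: str, timeout: float = 5.0) -> str:
    """Query a live device over HTTPS. Axis devices default to HTTP Digest auth."""
    url = f"https://{host}/axis-cgi/param.cgi?action=list&group=Properties.Firmware"
    mgr = urllib.request.HTTPPasswordMgrWithDefaultRealm()
    mgr.add_password(None, url, user, password)
    ctx = ssl.create_default_context()  # trust the device CA; do not disable verification
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=ctx),
        urllib.request.HTTPDigestAuthHandler(mgr),
    )
    with opener.open(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", "replace")


if __name__ == "__main__":
    # Offline run on the constructed sample; swap in fetch_firmware_params() for real devices.
    print(assess_response(SAMPLE_RESPONSE))
```

Run it per device from your inventory and treat "unknown-track" as a finding too: a device on a track the advisory does not cover is usually end-of-support firmware that will never receive the fix.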
📡 Detection & Monitoring
Log Indicators:
- Requests to account-management endpoints (for example /axis-cgi/pwdgrp.cgi) from accounts that are not administrators
- New accounts, or existing accounts regrouped into the admin group, created by anyone other than a known administrator
- Configuration or firmware changes attributed to operator or viewer accounts
Network Indicators:
- VAPIX calls from low-privilege accounts to endpoints those roles never need (user management, firmware management)
- Administrative actions from source IP addresses that are not the VMS or management hosts
SIEM Query (template; Axis devices export logs over syslog and do not emit a "privilege_escalation" event as such, so the field names below stand for whatever your collector extracts):
source="axis_device" AND (event_type="privilege_escalation" OR user_role_change="admin")
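An added example (not from the page or from Axis) of the detection logic behind the log and network indicators above, run over constructed log lines. The line format is invented for the example, since AXIS OS syslog wording varies by version; the admin-only endpoint list and the baseline of account roles are assumptions to adapt to your own estate. It raises three kinds of alert: a non-administrator calling an admin-only endpoint, an account being created or regrouped as admin, and any later activity by an account that a non-administrator created.

```python
import re
from urllib.parse import parse_qs, urlsplit

# VAPIX endpoints only administrators should ever call (assumption; extend for your estate).
ADMIN_ONLY_PATHS = {
    "/axis-cgi/pwdgrp.cgi",              # account management
    "/axis-cgi/firmwaremanagement.cgi",  # firmware upgrade / factory default
}

# Baseline of who holds which role, e.g. exported from AXIS Device Manager (assumption).
KNOWN_ROLES = {"admin": "admin", "operator1": "operator", "viewer2": "viewer"}

# Constructed log lines. Real AXIS OS syslog wording differs; adapt LINE_RE to your feed.
SAMPLE_LOG = """\
2025-02-03T10:14:58Z cam01 httpd: src=10.0.5.23 user=viewer2 "GET /axis-cgi/mjpg/video.cgi HTTP/1.1" 200
2025-02-03T10:15:02Z cam01 httpd: src=10.0.5.23 user=operator1 "GET /axis-cgi/pwdgrp.cgi?action=add&user=svc_backup&pwd=REDACTED&grp=root&sgrp=admin:operator:viewer:ptz HTTP/1.1" 200
2025-02-03T10:15:09Z cam01 httpd: src=10.0.5.23 user=svc_backup "POST /axis-cgi/firmwaremanagement.cgi HTTP/1.1" 200
2025-02-03T10:16:40Z cam01 httpd: src=10.0.1.10 user=admin "GET /axis-cgi/pwdgrp.cgi?action=update&user=operator1&sgrp=operator:viewer HTTP/1.1" 200
2025-02-03T10:17:00Z cam01 httpd: src=10.0.5.23 user=operator1 "GET /axis-cgi/param.cgi?action=list&group=Properties.Firmware HTTP/1.1" 200
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) httpd: src=(?P<src>\S+) user=(?P<user>\S+) '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)


def role_from_sgrp(sgrp: str) -> str:
    """Axis secondary groups: 'admin' outranks 'operator' outranks 'viewer'."""
    groups = set(sgrp.split(":")) if sgrp else set()
    if "admin" in groups:
        return "admin"
    if "operator" in groups:
        return "operator"
    return "viewer"


def parse_line(line: str):
    """Return a dict for one constructed log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    parts = urlsplit(ev["target"])
    ev["path"] = parts.path
    ev["query"] = {k: v[0] for k, v in parse_qs(parts.query).items()}
    ev["status"] = int(ev["status"])
    return ev


def detect(log_text: str, known_roles: dict) -> list:
    """Walk the log in order, maintaining the account/role state as it changes."""
    roles = dict(known_roles)
    tainted = set()  # accounts created or regrouped by someone who is not an admin
    alerts = []

    def alert(kind, ev, **extra):
        alerts.append({"kind": kind, "ts": ev["ts"], "host": ev["host"], "src": ev["src"],
                       "actor": ev["user"], "path": ev["path"], **extra})

    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        actor = ev["user"]
        actor_role = roles.get(actor, "unknown")

        # A non-administrator touching an admin-only endpoint: the escalation
        # attempt itself, whether or not the device let it through.
        if ev["path"] in ADMIN_ONLY_PATHS and actor_role != "admin":
            alert("non_admin_admin_endpoint", ev, actor_role=actor_role)

        # Anything done with an account that a non-admin created: the payoff.
        if actor in tainted:
            alert("tainted_account_activity", ev)

        # Track account management so later lines are judged against the new state.
        if ev["path"] == "/axis-cgi/pwdgrp.cgi":
            q = ev["query"]
            action, target = q.get("action"), q.get("user")
            if action == "remove" and target:
                roles.pop(target, None)
            elif action in ("add", "update") and target:
                new_role = role_from_sgrp(q.get("sgrp", ""))
                if new_role == "admin":
                    alert("admin_account_change", ev, account=target, action=action)
                if actor_role != "admin":
                    tainted.add(target)
                if ev["status"] == 200:
                    roles[target] = new_role
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG, KNOWN_ROLES):
        print(a)
```

The ordering matters: the role table is updated after each account-management line, so the backdoor account `svc_backup` is recognised as administrator for its later firmware call (no false "non-admin" alert) but still flagged because a non-administrator created it. Feed the baseline from an authoritative source rather than from the device itself, since an attacker who has already escalated can rewrite the device's own account list.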