CVE-2025-11547
📋 TL;DR
CVE-2025-11547 is a privilege escalation vulnerability in AXIS Camera Station Pro that allows authenticated non-admin users to gain administrative privileges on the server. This affects organizations using AXIS Camera Station Pro for video surveillance management. Attackers with valid user accounts can exploit this to take full control of the surveillance system.
💻 Affected Systems
- AXIS Camera Station Pro
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the surveillance system allowing attackers to disable cameras, delete footage, manipulate recordings, and use the server as a foothold for lateral movement within the network.
Likely Case
Unauthorized administrative access leading to surveillance system manipulation, footage tampering, or disabling of security monitoring capabilities.
If Mitigated
Limited impact if proper network segmentation, least privilege access controls, and monitoring are in place to detect privilege escalation attempts.
🎯 Exploit Status
Exploitation requires authenticated access as a non-admin user. The technical details suggest relatively straightforward exploitation once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.18.4 and later
Vendor Advisory: https://www.axis.com/dam/public/permalink/253485/cve-2025-11547pdf-en-US_253485.pdf?noS3=1
Restart Required: Yes
Instructions:
1. Download AXIS Camera Station Pro version 6.18.4 or later from the Axis website.
2. Back up the current configuration.
3. Run the installer to upgrade.
4. Restart the server.
5. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict User Access
Limit access to AXIS Camera Station Pro to only essential administrative users until patching can be completed.
Network Segmentation
Isolate the AXIS Camera Station Pro server from general network access and restrict it to only necessary communication paths.
🧯 If You Can't Patch
- Implement strict access controls and monitor for privilege escalation attempts
- Segment the surveillance network and restrict server access to authorized IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check the AXIS Camera Station Pro version in the application's About section or Windows Programs and Features. If version is below 6.18.4, the system is vulnerable.
Check Version:
Check via AXIS Camera Station Pro GUI: Help → About, or check Windows installed programs list
Verify Fix Applied:
After updating, verify the version shows 6.18.4 or higher in the application's About section.
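The version check above can be scripted on the server itself. The following PowerShell is an added example, not part of the advisory or Axis's own tooling: it reads the Windows installed-programs registry keys (the same data Programs and Features shows) and compares the found version against the fixed version 6.18.4. It assumes the product registers a DisplayName containing "AXIS Camera Station"; adjust the pattern if your installation differs.

```powershell
# Added example: compare the installed AXIS Camera Station Pro version
# against the fixed version (6.18.4) named in the advisory.
# Assumption: the product's DisplayName contains "AXIS Camera Station".
$FixedVersion = [version]'6.18.4'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Enumerate installed programs from both 64-bit and 32-bit uninstall hives.
$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*AXIS Camera Station*' } |
    Select-Object DisplayName, DisplayVersion

if (-not $installed) {
    Write-Output 'AXIS Camera Station Pro not found in the installed-programs registry keys.'
    return
}

foreach ($app in $installed) {
    # DisplayVersion may carry a fourth build component; [version] handles up to four parts,
    # and 6.18.4.N compares greater than 6.18.4, so a build of the fixed release passes.
    $ver = $null
    if (-not [version]::TryParse($app.DisplayVersion, [ref]$ver)) {
        Write-Output ("{0}: could not parse version '{1}'; check manually via Help -> About" -f `
            $app.DisplayName, $app.DisplayVersion)
        continue
    }
    if ($ver -lt $FixedVersion) {
        Write-Output ("{0} {1}: VULNERABLE to CVE-2025-11547 (below {2}), upgrade required" -f `
            $app.DisplayName, $ver, $FixedVersion)
    } else {
        Write-Output ("{0} {1}: patched (>= {2})" -f $app.DisplayName, $ver, $FixedVersion)
    }
}
```

Run it in an elevated PowerShell session on the Camera Station Pro server; a result of "not found" means the product is either not installed or registered under a different DisplayName, so fall back to the Help → About check.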
📡 Detection & Monitoring
Log Indicators:
- Unusual privilege escalation events in application logs
- Multiple failed then successful authentication attempts from same user
- Administrative actions performed by non-admin accounts
Network Indicators:
- Unusual authentication patterns to the AXIS Camera Station Pro service
- Administrative API calls from non-admin user accounts
SIEM Query:
source="axis_camera_station" AND (event_type="privilege_escalation" OR user_role_change="admin")