CVE-2025-12757

4.6 MEDIUM

📋 TL;DR

CVE-2025-12757 is an information disclosure vulnerability in AXIS Camera Station Pro where non-admin users can access restricted information. This affects organizations using AXIS video surveillance systems with Camera Station Pro software. The vulnerability allows unauthorized viewing of sensitive camera configuration or monitoring data.

💻 Affected Systems

Products:
  • AXIS Camera Station Pro
Versions: Specific versions are not detailed in the reference, but multiple recent versions are likely affected
Operating Systems: Windows (based on typical AXIS Camera Station Pro deployment)
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated access to the Camera Station Pro interface, but non-admin privileges are sufficient.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could access sensitive surveillance footage, camera configurations, or user data, potentially compromising physical security and privacy.

🟠

Likely Case

Unauthorized users within the organization viewing camera feeds or configurations they shouldn't have access to, violating privacy policies.

🟢

If Mitigated

Limited exposure of non-critical configuration data with proper access controls and network segmentation.

🌐 Internet-Facing: MEDIUM - If the Camera Station Pro interface is exposed to the internet, attackers could attempt to exploit this after gaining initial access.
🏢 Internal Only: HIGH - Internal users with legitimate but non-admin accounts could exploit this to access unauthorized information.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but only non-admin privileges. Likely involves manipulating interface elements or API calls.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check AXIS advisory for specific patched version

Vendor Advisory: https://www.axis.com/dam/public/de/38/d3/cve-2025-12757pdf-en-US-519289.pdf

Restart Required: Yes

Instructions:

1. Download the latest AXIS Camera Station Pro update from the AXIS website.
2. Back up the current configuration.
3. Install the update following the AXIS documentation.
4. Restart the Camera Station Pro service.

🔧 Temporary Workarounds

Restrict User Permissions

Applies to: all

Temporarily limit non-admin user access to the Camera Station Pro interface.

Network Segmentation

Applies to: all

Isolate the Camera Station Pro server from general network access.

🧯 If You Can't Patch

  • Implement strict access controls and audit all user permissions
  • Monitor for unusual access patterns to camera management interface

🔍 How to Verify

Check if Vulnerable:

Check whether non-admin users can access admin-only sections of the Camera Station Pro interface.

Check Version:

Check version in AXIS Camera Station Pro Help > About menu

Verify Fix Applied:

Verify that the patched version is installed, then test that non-admin users can no longer access restricted information.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to admin functions by non-admin users
  • Failed permission checks in application logs

Network Indicators:

  • Multiple requests to restricted API endpoints from non-admin accounts

SIEM Query:

source="axis_camera_station" AND (event_type="permission_violation" OR (user_role="non-admin" AND resource="admin_interface"))
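The same condition as the SIEM query, run over a few constructed log records so the grouping can be checked before it is deployed; this is an added example, not code from the page or from AXIS, and the field names (source, event_type, user_role, resource, user) are assumed from the query above, not from real AXIS Camera Station Pro log output. Query languages differ in whether AND or OR binds tighter, so the OR/AND grouping is written out explicitly here.

```python
import json
from typing import Iterable

# Constructed sample events in the field layout the SIEM query assumes.
# Each line is one JSON record; none of this is real AXIS log output.
SAMPLE_LOG = """
{"source": "axis_camera_station", "event_type": "login", "user_role": "non-admin", "resource": "live_view", "user": "operator1"}
{"source": "axis_camera_station", "event_type": "permission_violation", "user_role": "non-admin", "resource": "camera_config", "user": "operator1"}
{"source": "axis_camera_station", "event_type": "read", "user_role": "non-admin", "resource": "admin_interface", "user": "operator2"}
{"source": "axis_camera_station", "event_type": "read", "user_role": "admin", "resource": "admin_interface", "user": "admin1"}
{"source": "other_app", "event_type": "permission_violation", "user_role": "non-admin", "resource": "admin_interface", "user": "svc"}
"""


def parse_jsonl(text: str) -> list:
    """Parse one JSON record per non-empty line; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return events


def matches_query(event: dict) -> bool:
    """source="axis_camera_station" AND (permission_violation OR (non-admin AND admin_interface))."""
    if event.get("source") != "axis_camera_station":
        return False
    violation = event.get("event_type") == "permission_violation"
    non_admin_on_admin = (event.get("user_role") == "non-admin"
                          and event.get("resource") == "admin_interface")
    return violation or non_admin_on_admin


def flagged_users(events: Iterable[dict], threshold: int = 1) -> dict:
    """Count matching events per user and return users at or above the threshold."""
    counts = {}
    for ev in events:
        if matches_query(ev):
            user = ev.get("user", "<unknown>")
            counts[user] = counts.get(user, 0) + 1
    return {u: n for u, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print(flagged_users(parse_jsonl(SAMPLE_LOG)))
```

Note that the admin user reading admin_interface and the other_app record are deliberately not flagged; only the violation and the non-admin read of the admin interface are.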

🔗 References
