CVE-2025-13064
📋 TL;DR
This CVE describes a server-side injection vulnerability where a malicious administrator with a tampered client can inject and execute malicious scripts on the server. The attack requires admin privileges and a compromised client, affecting systems where administrators use untrusted or modified client software.
💻 Affected Systems
- Axis Camera Station
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise allowing data theft, lateral movement, or persistent backdoor installation via server-side code execution.
Likely Case
Limited server-side script execution within the application context, potentially leading to data manipulation or unauthorized access to application resources.
If Mitigated
No impact if proper client integrity checks and admin activity monitoring are in place.
🎯 Exploit Status
Requires admin privileges and ability to tamper with client software, making exploitation more complex than typical injection attacks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 6.18.5
Vendor Advisory: https://www.axis.com/dam/public/a9/9e/94/cve-2025-13064pdf-en-US-519290.pdf
Restart Required: Yes
Instructions:
1. Download Axis Camera Station version 6.18.5 from the Axis portal.
2. Back up the current configuration.
3. Run the installer and follow the upgrade prompts.
4. Restart the server after installation completes.
🔧 Temporary Workarounds
Client Integrity Monitoring
Implement client-side integrity checks and monitoring to detect tampered admin clients.
Admin Session Monitoring
Enable detailed logging and monitoring of admin activities for suspicious injection patterns.
🧯 If You Can't Patch
- Restrict admin access to trusted devices only and implement client integrity verification
- Implement network segmentation to isolate vulnerable systems and monitor all admin traffic
🔍 How to Verify
Check if Vulnerable:
Check Axis Camera Station version in application settings or Windows Programs list. Versions below 6.18.5 are vulnerable.
Check Version:
Check via Axis Camera Station GUI: Help → About, or check Windows installed programs list.
Verify Fix Applied:
Verify version shows 6.18.5 or higher in application settings and test admin functions with monitoring enabled.
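An added example, not part of this advisory or of Axis's own tooling, that automates the version check above on the Windows host running Axis Camera Station by reading the installed-programs registry keys and comparing against the fixed release 6.18.5. The DisplayName match pattern is an assumption; adjust it if the entry is named differently on your system.

```powershell
# Added example (not from the advisory): flag an Axis Camera Station install whose
# version is below the fixed release 6.18.5, using the Windows installed-programs
# registry keys. The DisplayName pattern below is an assumption.
$FixedVersion = [version]'6.18.5'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$entries = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*Axis Camera Station*' }   # assumed display name

if (-not $entries) {
    Write-Output 'Axis Camera Station not found in installed programs; check Help -> About manually.'
    return
}

foreach ($e in $entries) {
    # DisplayVersion may carry a fourth component or a text suffix; keep the numeric dotted part
    $raw = [string]$e.DisplayVersion
    $installed = $null
    if ($raw -match '^\d+(\.\d+){1,3}') { $installed = [version]$Matches[0] }

    if ($null -eq $installed) {
        Write-Output ("{0}: version string '{1}' could not be parsed; verify via Help -> About" -f $e.DisplayName, $raw)
    } elseif ($installed -lt $FixedVersion) {
        # [version] comparison handles cases like 6.18.4.9 < 6.18.5 and 6.18.10 > 6.18.5 correctly
        Write-Output ("VULNERABLE: {0} {1} is below {2}; upgrade required" -f $e.DisplayName, $installed, $FixedVersion)
    } else {
        Write-Output ("OK: {0} {1} is at or above {2}" -f $e.DisplayName, $installed, $FixedVersion)
    }
}
```

Run it in an elevated PowerShell session on the server; a plain string comparison would misorder versions such as 6.18.10 against 6.18.5, which is why the script casts to [version].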
📡 Detection & Monitoring
Log Indicators:
- Unusual admin script execution patterns
- Unexpected server-side script modifications
- Admin client integrity check failures
Network Indicators:
- Suspicious admin client-server communications
- Unexpected script payloads in admin requests
SIEM Query:
source="axis_camera_station" AND (event_type="admin_action" AND action="script_execution") AND payload_size>normal_threshold