CVE-2025-30027

6.7 MEDIUM

📋 TL;DR

This CVE describes an ACAP configuration file vulnerability in Axis devices that lacks sufficient input validation, potentially allowing arbitrary code execution. The vulnerability requires the device to be configured to allow installation of unsigned ACAP applications and for an attacker to convince a victim to install a malicious ACAP application. This affects Axis devices with vulnerable ACAP configurations.

💻 Affected Systems

Products:
  • Axis devices with ACAP functionality
Versions: Specific versions not detailed in provided reference; consult Axis advisory for exact affected versions
Operating Systems: Axis device firmware/OS
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when configured to allow installation of unsigned ACAP applications. Default configuration typically restricts to signed applications only.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise with arbitrary code execution, allowing an attacker to gain persistent access, modify device functionality, or pivot to other network resources.

🟠 Likely Case

Limited impact, since exploitation requires social engineering to install malicious applications and specific configuration settings that are not default.

🟢 If Mitigated

No impact if devices are configured to only allow signed ACAP applications, or if ACAP application installation is disabled.

🌐 Internet-Facing: MEDIUM - Internet-facing devices could be targeted through social engineering campaigns, but exploitation requires user interaction and non-default configuration.
🏢 Internal Only: LOW - Internal devices are less likely to be targeted through social engineering, and the same configuration requirements apply.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering to convince a victim to install a malicious ACAP application, plus specific device configuration settings.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Axis advisory for specific patched firmware versions

Vendor Advisory: https://www.axis.com/dam/public/ab/9a/a5/cve-2025-30027pdf-en-US-492762.pdf

Restart Required: No

Instructions:

1. Download the latest firmware from the Axis support portal.
2. Apply the firmware update through the device web interface or a management tool.
3. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable unsigned ACAP applications (applies to: all)

Configure devices to only allow installation of signed ACAP applications.

Configure via device web interface: Settings > System > ACAP > Allow unsigned applications = Disabled

Disable ACAP application installation (applies to: all)

Completely disable the ACAP application installation capability.

Configure via device web interface: Settings > System > ACAP > Application installation = Disabled

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate vulnerable devices
  • Enable logging and monitoring for ACAP application installation attempts

🔍 How to Verify

Check if Vulnerable:

Check the device configuration under Settings > System > ACAP and verify whether 'Allow unsigned applications' is enabled.

Check Version:

Check via device web interface: Settings > System > Overview > Firmware version

Verify Fix Applied:

Verify that the firmware version has been updated to the patched version and that the 'Allow unsigned applications' setting is disabled.

📡 Detection & Monitoring

Log Indicators:

  • ACAP application installation events
  • Unsigned application installation attempts
  • Unexpected ACAP-related system changes

Network Indicators:

  • Unexpected outbound connections from Axis devices
  • ACAP application download traffic

SIEM Query:

source="axis_device" AND (event="acap_install" OR event="unsigned_app")

🔗 References
