CVE-2025-3892

6.7 MEDIUM

📋 TL;DR

CVE-2025-3892 is a privilege escalation vulnerability in Axis devices that allows ACAP applications to execute with elevated privileges. This affects Axis device users who have enabled installation of unsigned ACAP applications. An attacker must convince a victim to install a malicious ACAP application to exploit this vulnerability.

💻 Affected Systems

Products:
  • Axis devices supporting ACAP applications
Versions: All versions prior to patched firmware
Operating Systems: Axis device firmware
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if configured to allow installation of unsigned ACAP applications

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise with root/system-level access, allowing complete control over the Axis device, data exfiltration, and persistence.

🟠 Likely Case

Limited privilege escalation within the device's application environment, potentially allowing access to restricted functions or data.

🟢 If Mitigated

No impact if unsigned ACAP applications are blocked or if users only install trusted applications from verified sources.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires social engineering: the victim must be convinced to install a malicious ACAP application.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Axis security advisory for specific firmware versions

Vendor Advisory: https://www.axis.com/dam/public/ae/19/16/cve-2025-3892pdf-en-US-492760.pdf

Restart Required: No

Instructions:

1. Download the latest firmware from the Axis website.
2. Upload the firmware to the device via the web interface.
3. Apply the firmware update.
4. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable unsigned ACAP applications

Configure device to only allow signed ACAP applications from trusted sources

🧯 If You Can't Patch

  • Configure device to block all ACAP application installations
  • Implement network segmentation to isolate vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check the device's ACAP application installation settings and verify whether unsigned applications are allowed.

Check Version:

Check the firmware version in the device web interface or with Axis device management tools.

Verify Fix Applied:

Verify that the firmware version matches the patched version listed in the Axis advisory, and confirm that unsigned ACAP applications are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Unauthorized ACAP application installation attempts
  • Privilege escalation attempts in system logs

Network Indicators:

  • Unexpected outbound connections from Axis devices
  • Unusual network traffic patterns

SIEM Query:

source="axis_device" AND (event="acap_install" OR event="privilege_escalation")
