Axis Camera_station_pro
11 CVEs affecting Axis Camera_station_pro. Latest disclosed: 2026-02-10. Critical: 2, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-30026 | Critical | 9.8 | 2025-07-11 | The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required. |
CVE-2025-30023 | Critical | 9.0 | 2025-07-11 | The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. |
CVE-2025-11547 | High | 7.8 | 2026-02-10 | AXIS Camera Station Pro contained a flaw to perform a privilege escalation attack on the server as a non-admin user. |
CVE-2025-30025 | High | 7.8 | 2025-07-11 | The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. |
CVE-2024-7696 | Medium | 6.3 | 2025-01-07 | Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log… |
CVE-2025-1056 | Medium | 6.1 | 2025-04-23 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can m… |
CVE-2025-0926 | Medium | 5.9 | 2025-04-23 | Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for a non-admin user to remove system files causing a boot loop… |
CVE-2025-12063 | Medium | 5.7 | 2026-02-10 | An insecure direct object reference allowed a non-admin user to modify or remove certain data objects without having the appropriate permissions. |
CVE-2025-7622 | Medium | 5.7 | 2025-08-12 | During an internal security assessment, a Server-Side Request Forgery (SSRF) vulnerability that allowed an authenticated attacker to access internal resources… |
CVE-2025-12757 | Medium | 4.6 | 2026-02-10 | An AXIS Camera Station Pro feature can be exploited in a way that allows a non-admin user to view information they are not permitted to. |
CVE-2025-13064 | Medium | 4.5 | 2026-02-10 | A server-side injection was possible for a malicious admin to manipulate the application to include a malicious script which is executed by the server. This at… |