CVE-2025-30024

Published Jul 11, 2025

Last updated 5 months ago

CVSS medium 6.8
ICS
OT

Overview

Description
The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack.
Source
product-security@axis.com
NVD status
Analyzed
Products
device_manager

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.8
Impact score
5.2
Exploitability score
1.6
Vector string
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
Severity
MEDIUM

Weaknesses

product-security@axis.com
CWE-295

Social media

Hype score
Not currently trending

  1. CVE-2025-30024 Man-in-the-Middle Vulnerability in Client-Server Communication Pr... https://t.co/F8VMoc8zen Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    11 Jul 2025

    21 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. CVE-2024-10085
  2. Android Framework Integer Overflow VulnerabilityCVE-2025-48595
  3. A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicle-charger signaling. The service is accessible on interfaces exposed through the charging connector, and it accepts a default administrative credential. A malicious device physically connected to the charging interface could leverage this misconfiguration to obtain full administrative access.CVE-2026-9039
  4. Nx Console Embedded Malicious Code VulnerabilityCVE-2026-48027
  5. Microsoft Defender Link Following VulnerabilityCVE-2026-41091

References

Sources include official advisories and independent security research.