- Description
- An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system.
- Source
- disclosure@vulncheck.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 10
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
- disclosure@vulncheck.com
- CWE-502
- Hype score
- Not currently trending
Une vulnérabilité récemment divulguée, identifiée sous le numéro CVE-2025-34067, a été repérée dans la plateforme de gestion de sécurité largement déployée de HIKVISION, applyCT (également connue sous le nom de HikCentral). Source: https://t.co/sdpdDPjpBU https://
@KhalilouHanse
7 Jul 2025
23 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-34067 Hikvision HikCentral (Formerly "Integrated Security Management Platform") Remote Command Execution Via ApplyCT Fastjson 2025-07-02 https://t.co/2Mbt2MIaBK
@tdatwja
6 Jul 2025
182 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidad en HIKVISION HikCentral ❗CVE-2025-34067 ➡️Más info: https://t.co/iAvxhtjlfA https://t.co/zWkDab8Nwg
@CERTpy
4 Jul 2025
220 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
1 Quote
⚠️ HIKVISION Vulnerability Exposes Devices to Code Execution Attacks Read more: https://t.co/To3eyAld7c 1. CVE-2025-34067 (CVSS 10.0) in HIKVISION applyCT allows unauthenticated remote code execution. 2. Exploits Fastjson library via malicious JSON to https://t.co/cKMe2t9z
@The_Cyber_News
4 Jul 2025
823 Impressions
5 Retweets
10 Likes
4 Bookmarks
9 Replies
0 Quotes
CVE-2025-34067 An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a… https://t.co/Kr7YOdNSm0
@CVEnew
2 Jul 2025
442 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-34067: CRITICAL] Critical vulnerability in Hikvision Integrated Security Management Platform allows remote code execution due to Fastjson library flaw. Attackers can exploit to execute malicious co...#cve,CVE-2025-34067,#cybersecurity https://t.co/FAjQo9JlFX https://t.c
@CveFindCom
2 Jul 2025
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes