
THREATINT
PUBLISHED

CVE-2025-34067

Hikvision HikCentral (formerly "Integrated Security Management Platform") Remote Command Execution via applyCT Fastjson



Description

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system.
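As an added example (not part of this record or of Hikvision's software), the following Python scans request bodies sent to the applyCT endpoint for the two ingredients the description names: Fastjson's "@type" auto-type selector and JNDI-style URL values such as ldap://. The endpoint path is taken from the record; the scheme watch-list, the (method, path, body) record format and the sample traffic are constructed assumptions.

```python
import json
from typing import Any

# Endpoint and key named in the advisory; the JNDI scheme watch-list is an assumption.
TARGET_PATH = "/bic/ssoService/v1/applyCT"
AUTOTYPE_KEY = "@type"  # Fastjson's class-selector key, the hook for auto-type
JNDI_SCHEMES = ("ldap://", "ldaps://", "rmi://")


def find_indicators(body: str) -> list[str]:
    """Return findings for one JSON request body; an empty list means nothing suspicious."""
    try:
        doc = json.loads(body)
    except ValueError:
        # Fastjson accepts looser syntax than the strict parser (single-quoted strings,
        # unquoted keys), so a body Python rejects is reviewed rather than discarded.
        return ["body is not strict JSON; review manually"]
    findings: list[str] = []

    def visit(node: Any, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                if key == AUTOTYPE_KEY:  # caught at any nesting depth
                    findings.append(f"{path}: auto-type selector -> {value!r}")
                visit(value, f"{path}.{key}")
        elif isinstance(node, list):
            for i, item in enumerate(node):
                visit(item, f"{path}[{i}]")
        elif isinstance(node, str) and node.lower().startswith(JNDI_SCHEMES):
            findings.append(f"{path}: JNDI-style URL -> {node!r}")

    visit(doc, "$")
    return findings


def triage(requests: list[tuple[str, str, str]]) -> list[tuple[str, str, list[str]]]:
    """Keep only applyCT requests whose body carries at least one indicator."""
    alerts = []
    for method, path, body in requests:
        findings = find_indicators(body) if path == TARGET_PATH else []
        if findings:
            alerts.append((method, path, findings))
    return alerts


# Constructed sample traffic (not captured anywhere); class name and host are placeholders.
SAMPLE_REQUESTS = [
    ("POST", TARGET_PATH, '{"username": "alice", "token": "abc123"}'),
    ("POST", TARGET_PATH, '{"cfg": {"@type": "com.example.Placeholder", "u": "ldap://attacker.invalid/x"}}'),
    ("POST", "/bic/other", '{"@type": "com.example.Other"}'),  # out of scope for this rule
]
```

Only the second sample is reported, with both the selector and the URL located by JSON path; a legitimate applyCT login body produces no findings.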

Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-07-02 | Assigner VulnCheck


CRITICAL: 10.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-502 Deserialization of Untrusted Data

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Product status

Default status: unaffected
Any version: affected

References

github.com/... applyCT Fastjson远程命令执行漏洞.md exploit

s4e.io/tools/hikvision-applyct-remote-code-execution third-party-advisory

vulncheck.com/...vision-hik-central-remote-command-execution third-party-advisory

cve.org (CVE-2025-34067)

nvd.nist.gov (CVE-2025-34067)

https://cve.threatint.eu/CVE/CVE-2025-34067