CVE-2025-34067 | THREATINT

Description

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-11-20 | Assigner VulnCheck

CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-502 Deserialization of Untrusted Data

Product status

Default status

unaffected

Any version

affected

References

github.com/...�� applyCT Fastjson远程命令执行漏洞.md exploit

s4e.io/tools/hikvision-applyct-remote-code-execution third-party-advisory

vulncheck.com/advisories/hikvision-ismp-rce-applyct third-party-advisory

cve.org (CVE-2025-34067)

nvd.nist.gov (CVE-2025-34067)

Download JSON