We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2025-34067

Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson



Description

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system.

Reserved 2025-04-15 | Published 2025-07-02 | Updated 2025-07-07 | Assigner VulnCheck


CRITICAL: 10.0CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Problem types

CWE-502 Deserialization of Untrusted Data

CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')

Product status

Default status
unaffected

Any version
affected

References

github.com/... applyCT Fastjson远程命令执行漏洞.md exploit

s4e.io/tools/hikvision-applyct-remote-code-execution third-party-advisory

vulncheck.com/advisories/hikvision-ismp-rce-applyct third-party-advisory

cve.org (CVE-2025-34067)

nvd.nist.gov (CVE-2025-34067)

Download JSON

Share this page
https://cve.threatint.eu/CVE/CVE-2025-34067

Support options

Helpdesk Chat, Email, Knowledgebase
© Copyright 2025 THREATINT
Made in Cyprus with +
 System status
Find us on
Data Privacy
Terms of Use
Logo BSI Allianz für Cyber-Sicherheit
Error loading Crisp.chat. Please check your web content filter and browser plugins.