CVE-2025-39246 | THREATINT

Description

There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.

PUBLISHED Reserved 2025-04-16 | Published 2025-08-29 | Updated 2025-08-29 | Assigner hikvision

MEDIUM: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Product status

Versions between V1.4.0 and V2.2.0

affected

Credits

Eduardo Bido finder

References

www.hikvision.com/...rabilities-in-some-hikcentral-products/

cve.org (CVE-2025-39246)

nvd.nist.gov (CVE-2025-39246)

Download JSON