Critical HIKVISION applyCT Flaw Allows Remote Code Execution

Critical HIKVISION applyCT Flaw Allows Remote Code Execution

A newly disclosed vulnerability, tracked as CVE-2025-34067, has been identified in HIKVISION’s widely deployed security management platform, applyCT (also known as HikCentral).

 This critical flaw allows unauthenticated remote code execution (RCE), putting countless surveillance and security infrastructures at risk across government, commercial, and industrial sectors.

Its advanced analytics and scalable architecture make it a popular choice for organizations requiring robust surveillance and security management.

The platform’s widespread adoption means that vulnerabilities can have far-reaching consequences.

Field Value
CVE ID CVE-2025-34067
Published 2025-07-02
Endpoint /bic/ssoService/v1/applyCT
CVSS Score 10.0 (Critical)

Technical Details

  • Component Affected: applyCT (HikCentral)
  • Vulnerability Type: Unauthenticated Remote Code Execution
  • Root Cause: Use of a vulnerable version of the Fastjson library
  • Attack Vector: Network (no authentication required)
  • Endpoint: /bic/ssoService/v1/applyCT
  • Exploit Mechanism: The endpoint deserializes untrusted JSON input using Fastjson’s auto-type feature, allowing attackers to load arbitrary Java classes via a malicious LDAP URL. Specifically, attackers can craft a JSON payload referencing the JdbcRowSetImpl class, enabling remote code execution on the underlying system.

Proof-of-Concept

A typical attack involves sending a specially crafted POST request with a JSON payload to the vulnerable endpoint.

By manipulating the datasource parameter to point to an attacker-controlled LDAP server, arbitrary code can be executed on the target server.

  • Severity: CRITICAL (CVSS 4.0 Score: 10.0)
  • Potential Consequences:
    • Full system compromise
    • Unauthorized access to sensitive data
    • Manipulation or disabling of surveillance feeds
    • Lateral movement within the network
    • Disruption of security operations
    • Financial loss, reputational damage, and legal liabilities
  • Update to a patched version of HikCentral that does not use the vulnerable Fastjson library.
  • Restrict access to the vulnerable endpoint from untrusted networks.
  • Monitor for suspicious outbound LDAP traffic.
  • Apply security updates as soon as they are released by HIKVISION.

Organizations using HIKVISION applyCT should act immediately to mitigate this critical risk and protect their security infrastructure.

Exclusive Webinar Alert: Harnessing Intel® Processor Innovations for Advanced API Security – Register for Free


Source link