Multiple Hikvision Flaws Allow Device Disruption via Crafted Network Packets

Hikvision has disclosed two high-severity buffer overflow vulnerabilities affecting its security devices that could allow network-based attackers to cause device malfunctions.

The security flaws, tracked as CVE-2025-66176 and CVE-2025-66177, impact select access control products and video recording systems.

Both vulnerabilities stem from stack overflow issues in the device search and discovery feature.

CVE ID         | Affected Products                        | Base Score
CVE-2025-66176 | Partial Access Control Series Products   | 8.8
CVE-2025-66177 | Partial NVR, DVR, CVR, IPC Series Products | 8.8

An attacker positioned on the same local area network can exploit these weaknesses by sending specially crafted packets to unpatched devices, resulting in system disruption without requiring authentication or user interaction.

The vulnerabilities carry identical CVSS v3.1 base scores of 8.8, reflecting high severity.

The vector string (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) indicates an adjacent-network attack vector, low attack complexity, no privileges required, and no user interaction. The potential impact spans confidentiality, integrity, and availability.

The first vulnerability affects Hikvision’s Access Control Series Products, while the second targets Network Video Recorders, Digital Video Recorders, Central Video Recorders, and IP Cameras.

Hikvision has published a comprehensive list of specific affected models through its security advisory portal.

A Cisco Talos team member reported CVE-2025-66176, while independent security researchers Angel Lozano Alcazar and Pedro Guillen Nuñez discovered CVE-2025-66177.

Hikvision acknowledged both research teams for their responsible disclosure.

Users should immediately obtain the latest firmware versions from Hikvision’s official support download center.

The company emphasises the prompt application of updates to mitigate potential network-based attacks, particularly in enterprise and critical infrastructure deployments where these devices monitor physical security.

Network administrators are advised to segment surveillance networks, restrict device discovery protocols to trusted zones, and monitor for anomalous traffic patterns indicative of exploitation attempts until patching is complete.
