๐Ÿ” CVE Alert

CVE-2025-34067

UNKNOWN 0.0

Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson

CVSS Score
0.0
EPSS Score
18.7%
EPSS Percentile
97th

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

CWE CWE-502
Vendor hikvision
Product integrated security management platform
Published Jul 2, 2025
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for hikvision integrated security management platform

Be the first to know when new unknown vulnerabilities affecting hikvision integrated security management platform are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Hikvision / Integrated Security Management Platform
0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/HIKVISION/HIKVISION%20%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%20applyCT%20Fastjson%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md s4e.io: https://s4e.io/tools/hikvision-applyct-remote-code-execution vulncheck.com: https://vulncheck.com/advisories/hikvision-ismp-rce-applyct