CVE-2025-34058
HIGH EXPLOITED
Hikvision Streaming Media Management Server v2.3.5 - Info Disclosure
Title source: llm
Description
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.
References (4)
Scores
CVSS v4: 8.7
EPSS: 0.0286
EPSS Percentile: 86.3%
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
VulnCheck KEV: 2025-07-01
CWE: CWE-22, CWE-521
Status: published
Products (1): Hangzhou Hikvision System Technology/Streaming Media Management Server 2.3.5
Published: Jul 01, 2025
Tracked Since: Feb 18, 2026