CVE-2025-34067

CRITICAL EXPLOITED

Hikvision Integrated Security Management Platform - RCE

Title source: llm

Exploitation Summary

CVE-2025-34067 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

References (3)

Core 3

Core References

Various Sources third-party-advisory

https://s4e.io/tools/hikvision-applyct-remote-code-execution

Third Party Advisory third-party-advisory

https://vulncheck.com/advisories/hikvision-ismp-rce-applyct

Third Party Advisory exploit

https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/iot/HIKVISION/HIKVISION%20%E7%BB%BC%E5%90%88%E5%AE%89%E9%98%B2%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%20applyCT%20Fastjson%E8%BF%9C%E7%A8%8B%E5%91%BD%E4%BB%A4%E6%89%A7%E8%A1%8C%E6%BC%8F%E6%B4%9E.md

Scores

CVSS v4 10.0

EPSS 0.1867

EPSS Percentile 96.9%

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2025-07-02

CWE

CWE-502

Status published

Products (1)

Hikvision/Integrated Security Management Platform

Published Jul 02, 2025

Tracked Since Feb 18, 2026