CVE-2025-34067 CRITICAL

CVE-2025-34067: Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson

Vendor Hikvision
Product Integrated Security Management Platform
Weakness CWE-502 · Unsafe deserialization
Published July 2, 2025
Last update November 20, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

What the vulnerability does

01Description

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

Key dates

02Disclosure timeline

July 2, 2025 CVE published
November 20, 2025 Record updated