CVE-2025-39246 MEDIUM

CVE-2025-39246

Vendor Hikvision
Product HikCentral FocSign
Published August 29, 2025
Last update August 29, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.

Key dates

02Disclosure timeline

August 29, 2025 CVE published
August 29, 2025 Record updated