CRITICAL🇵🇱 Wersja polska

CVE-2025-34067

CVSS 10.0v4.0pub. 2025-07-02upd. 2026-04-15

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.

🤖 AI Analysis
How it works

The /bic/ssoService/v1/applyCT endpoint accepts user data and deserializes it without identity verification (no authentication). Attackers can exploit the auto-type mechanism of the Fastjson library (CWE-502: deserialization of untrusted data) to load any Java class. By specifying a malicious class through an LDAP protocol URL, the attacker causes arbitrary code to be loaded and executed on the server. The entire attack is possible remotely, without any privileges or user interaction.

Impact

Attackers gain the ability to execute arbitrary code remotely on the host operating system, which in practice means taking full control of the device and potentially the entire managed physical security infrastructure.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Additionally, until updates are installed, it is recommended to block access to the /bic/ssoService/v1/applyCT endpoint at the firewall or WAF level and isolate the ISMP platform from public networks.

Who is affected

Hikvision Integrated Security Management Platform (ISMP) — applyCT component (endpoint /bic/ssoService/v1/applyCT); specific versions indicated in manufacturer references

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEDeserialization
CWE
References