Improper File Upload Vulnerability in Hikvision's iSecure Center Software
CVE-2023-28814

9.8CRITICAL

Key Information:

Vendor: Hikvision
Status: Isecure Center
Vendor: CVE Published:; 17 October 2025

What is CVE-2023-28814?

The iSecure Center software by Hikvision has a vulnerability that allows improper verification of uploaded files. This flaw enables attackers to upload malicious files to the server, posing significant security risks. The software is currently available only for China's domestic market, with no version released internationally. Users of affected versions should take immediate action to secure their systems.

Affected Version(s)

iSecure Center V1.0.0 - V1.7.0

References

https://www.hikvision.com/cn/support/CybersecurityCenter/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2025
Vulnerability Reserved
Mar 23, 2023

Credit

hsrc

JSON