Attackers Could Gain Access to Restricted URLs Due to Insufficient Server-Side Validation
CVE-2024-25063

7.5HIGH

Key Information:

Vendor: Hikvision
Status: Hikcentral Professional
Vendor: CVE Published:; 2 March 2024

What is CVE-2024-25063?

A vulnerability exists in Hikvision's HikCentral Professional due to insufficient server-side validation. This security flaw facilitates unauthorized access to certain URLs, enabling potential exploitation by attackers. The lack of proper validation mechanisms can lead to sensitive information disclosure and unauthorized actions within the affected system.

Affected Version(s)

HikCentral Professional Versions below V2.5.1 (including V2.5.1)

References

https://www.hikvision.com/en/support/cybersecurity/securi...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 2, 2024
Vulnerability Reserved
Feb 4, 2024

Credit

Michael Dubell