Buffer Overflow Vulnerability in Dahua Products
CVE-2025-31701

8.1HIGH

Key Information:

Vendor: Dahua
Status: Ipc; Sd
Vendor: CVE Published:; 23 July 2025

What is CVE-2025-31701?

A buffer overflow vulnerability has been identified in Dahua products that may be exploited by attackers through specially crafted malicious packets, potentially leading to service disruptions such as crashes or unauthorized execution of remote code. Although some devices might employ protection mechanisms like Address Space Layout Randomization (ASLR) to mitigate risks, the threat of denial-of-service (DoS) attacks remains a significant issue.

Affected Version(s)

IPC Affected products include certain models from the IPC-1XXX, IPC-2XXX, IPC-WX, and IPC-ECXX series, and limited to versions which build time before April 16, 2025.

SD Affected products include certain models from the SD3A, SD2A, SD3D, SDT2A, and SD2C series, and limited to versions which build time before April 16, 2025.

References

https://www.dahuasecurity.com/aboutUs/trustedCenter/detai...

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2025
Vulnerability Reserved
Apr 1, 2025