CVE-2025-39247
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-08-29

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description
There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-39247
EUVD
EUVD-2025-26202
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
hikvision hikcentral_professional *
hikvision hikcentral_master_lite 2.2.1
hikvision hikcentral_focsign 1.4.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an Access Control Vulnerability in certain versions of HikCentral Professional (versions 2.3.1 to 2.6.2). It allows an unauthenticated user to obtain administrative permissions, meaning someone without any login credentials can gain admin-level access to the system. [1]

Impact Analysis

The impact of this vulnerability is critical because it allows an attacker to gain admin permissions without authentication. This could lead to unauthorized control over the affected HikCentral Professional system, potentially compromising sensitive data or system configurations. [1]

Detection Guidance

The provided resources do not include specific detection methods or commands to identify this vulnerability on your network or system.

Mitigation Strategies

To mitigate this vulnerability, immediately update HikCentral Professional to version 2.6.3 or 3.0.1 or later, as these versions contain the fix. Contact your local technical support to obtain the update and apply it promptly to prevent unauthorized administrative access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-39247. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart