CVE-2025-39247
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hikvision | hikcentral_professional | * |
| hikvision | hikcentral_master_lite | 2.2.1 |
| hikvision | hikcentral_focsign | 1.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This is an access control vulnerability in certain versions of HikCentral Professional (versions 2.3.1 to 2.6.2). It allows an unauthenticated user to obtain administrative permissions, meaning someone without any login credentials can gain admin-level access to the system. [1]
How can this vulnerability impact me?
The impact of this vulnerability is critical because it allows an attacker to gain admin permissions without authentication. This could lead to unauthorized control over the affected HikCentral Professional system, potentially compromising sensitive data or system configurations. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The provided resources do not include specific detection methods or commands to identify this vulnerability on your network or system.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update HikCentral Professional to version 2.6.3 or 3.0.1 or later, as these versions contain the fix. Contact your local technical support to obtain the update and apply it promptly to prevent unauthorized administrative access. [1]