CVE-2025-66176
Stack Overflow in Hikvision Access Control Search Causes Device Malfunction
Publication date: 2026-01-13
Last updated on: 2026-03-18
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hikvision | access_control | * |
| hikvision | nvr | * |
| hikvision | dvr | * |
| hikvision | cvr | * |
| hikvision | ipc | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66176 is a stack overflow vulnerability in the Search and Discovery feature of some Hikvision Access Control products. An attacker on the same local area network (LAN) can exploit this by sending specially crafted packets to the device, causing it to malfunction. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the affected Hikvision device to malfunction, impacting its confidentiality, integrity, and availability. The attack requires only adjacent network access, has low complexity, and does not require privileges or user interaction, making it a high-severity risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The vulnerability can be detected by monitoring for specially crafted packets sent to the device's Search and Discovery feature over the local area network (LAN). However, no specific detection commands or tools are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the patches and updates provided by Hikvision for the affected Access Control devices. Additionally, restricting LAN access to trusted devices and monitoring network traffic for suspicious packets can help reduce risk. [1]