CVE-2025-66176
Unknown Unknown - Not Provided

Stack Overflow in Hikvision Access Control Search Causes Device Malfunction

Vulnerability report for CVE-2025-66176, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-03-18

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-03-18
Generated
2026-07-06
AI Q&A
2026-01-13
EPSS Evaluated
2026-07-04
NVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
hikvision access_control *
hikvision nvr *
hikvision dvr *
hikvision cvr *
hikvision ipc *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-66176 is a stack overflow vulnerability in the Search and Discovery feature of some Hikvision Access Control products. An attacker on the same local area network (LAN) can exploit this by sending specially crafted packets to the device, causing it to malfunction. [1]

Impact Analysis

If exploited, this vulnerability can cause the affected Hikvision device to malfunction, impacting its confidentiality, integrity, and availability. The attack requires only adjacent network access, has low complexity, and does not require privileges or user interaction, making it a high-severity risk. [1]

Detection Guidance

The vulnerability can be detected by monitoring for specially crafted packets sent to the device's Search and Discovery feature over the local area network (LAN). However, no specific detection commands or tools are provided in the available resources. [1]

Mitigation Strategies

Immediate mitigation steps include applying the patches and updates provided by Hikvision for the affected Access Control devices. Additionally, restricting LAN access to trusted devices and monitoring network traffic for suspicious packets can help reduce risk. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66176. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart