CVE-2025-66177
Unknown Unknown - Not Provided
Stack Overflow in Hikvision NVR/DVR Search Feature Causes Device Malfunction

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description
There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-06-16
AI Q&A
2026-01-13
EPSS Evaluated
2026-06-15
NVD
CVE-2025-66177
EUVD
EUVD-2026-2374
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
hikvision access_control *
hikvision nvr *
hikvision dvr *
hikvision cvr *
hikvision ipc *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-66177 is a stack overflow vulnerability in the Search and Discovery feature of certain Hikvision NVR, DVR, CVR, and IPC devices. An attacker on the same local area network (LAN) can exploit this vulnerability by sending specially crafted packets to the device, causing it to malfunction. [1]

Impact Analysis

If exploited, this vulnerability can cause the affected Hikvision devices to malfunction, potentially impacting the confidentiality, integrity, and availability of the device and its data. The CVSS score indicates a high severity with possible high impact on confidentiality, integrity, and availability, meaning an attacker could disrupt device operations and compromise sensitive information. [1]

Mitigation Strategies

To mitigate this vulnerability, you should apply the patches and updates provided by Hikvision for the affected NVR, DVR, CVR, and IPC models. These updates are available for download from Hikvision's official website. Additionally, restrict access to the local area network (LAN) to trusted devices only, as exploitation requires LAN access. Monitoring and blocking specially crafted packets targeting the Search and Discovery feature may also help reduce risk. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart