CVE-2025-66177
Unknown Unknown - Not Provided

Stack Overflow in Hikvision NVR/DVR Search Feature Causes Device Malfunction

Vulnerability report for CVE-2025-66177, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-01-13

Last updated on: 2026-01-13

Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.

Description

There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-01-13
Last Modified
2026-01-13
Generated
2026-07-06
AI Q&A
2026-01-13
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 5 associated CPEs
Vendor Product Version / Range
hikvision access_control *
hikvision nvr *
hikvision dvr *
hikvision cvr *
hikvision ipc *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-66177 is a stack overflow vulnerability in the Search and Discovery feature of certain Hikvision NVR, DVR, CVR, and IPC devices. An attacker on the same local area network (LAN) can exploit this vulnerability by sending specially crafted packets to the device, causing it to malfunction. [1]

Impact Analysis

If exploited, this vulnerability can cause the affected Hikvision devices to malfunction, potentially impacting the confidentiality, integrity, and availability of the device and its data. The CVSS score indicates a high severity with possible high impact on confidentiality, integrity, and availability, meaning an attacker could disrupt device operations and compromise sensitive information. [1]

Mitigation Strategies

To mitigate this vulnerability, you should apply the patches and updates provided by Hikvision for the affected NVR, DVR, CVR, and IPC models. These updates are available for download from Hikvision's official website. Additionally, restrict access to the local area network (LAN) to trusted devices only, as exploitation requires LAN access. Monitoring and blocking specially crafted packets targeting the Search and Discovery feature may also help reduce risk. [1]

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-66177. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart