CVE-2025-66177
Stack Overflow in Hikvision NVR/DVR Search Feature Causes Device Malfunction
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Hangzhou Hikvision Digital Technology Co., Ltd.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hikvision | access_control | * |
| hikvision | nvr | * |
| hikvision | dvr | * |
| hikvision | cvr | * |
| hikvision | ipc | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-66177 is a stack overflow vulnerability in the Search and Discovery feature of certain Hikvision NVR, DVR, CVR, and IPC devices. An attacker on the same local area network (LAN) can exploit this vulnerability by sending specially crafted packets to the device, causing it to malfunction. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can cause the affected Hikvision devices to malfunction, potentially impacting the confidentiality, integrity, and availability of the device and its data. The CVSS score indicates a high severity with possible high impact on confidentiality, integrity, and availability, meaning an attacker could disrupt device operations and compromise sensitive information. [1]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should apply the patches and updates provided by Hikvision for the affected NVR, DVR, CVR, and IPC models. These updates are available for download from Hikvision's official website. Additionally, restrict access to the local area network (LAN) to trusted devices only, as exploitation requires LAN access. Monitoring and blocking specially crafted packets targeting the Search and Discovery feature may also help reduce risk. [1]