Remote Command Execution in Hikvision applyCT via Fastjson Deserialization
CVE-2025-34067 Published on July 2, 2025
Hikvision Integrated Security Management Platform Remote Command Execution via applyCT Fastjson
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-05 UTC.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2025-34067 has been classified to as a Marshaling, Unmarshaling vulnerability or weakness.
Affected Versions
Hikvision Integrated Security Management Platform Version 0 is affected by CVE-2025-34067Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.