CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

July 2, 2025

CVE ID : CVE-2025-34067

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson’s auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34069 – Kerio Control Authentication Bypass through Insecure Proxy Configuration

Next Article CVE-2025-34057 – Ruijie NBR Series Router Information Disclosure Vulnerability

Highlights

CVE-2025-4936 – “Projectworlds Online Food Ordering System SQL Injection Vulnerability”

May 19, 2025

CVE ID : CVE-2025-4936

Published : May 19, 2025, 3:15 p.m. | 1 hour, 13 minutes ago

Description : A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

Your smart home device just got a performance and security boost for free

Ultrahuman brings advanced cycle and ovulation tracking to its smart ring

DistroWatch Weekly, Issue 1135

14 secret phone codes that unlock hidden features on your Android and iPhone

Air Quality Prediction System using Python ML

Air Quality Prediction System using Python ML

AI’s Hidden Thirst: The Water Behind Tech

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

DistroWatch Weekly, Issue 1135

DistroWatch Weekly, Issue 1135

Ubuntu’s New “Dangerous” Daily Builds – What Are They?

gofmt – formats Go programs

CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

CVE-2025-9090 – Tenda Telnet Service Command Injection

CVE-2025-9091 – Tenda AC20 Hard-Coded Credentials Vulnerability

CVE-2025-48792 – Oracle WebLogic Server Unvalidated Redirect

CL-STA-0969 Installs Covert Malware in Telecom Networks During 10-Month Espionage Campaign

CVE-2025-3262 – Apache Transformers ReDoS

AlphaEvolve: A Gemini-powered coding agent for designing advanced algorithms

CVE-2025-4936 – “Projectworlds Online Food Ordering System SQL Injection Vulnerability”

Using Pages CMS for Static Site Content Management

CVE-2025-53778 – Microsoft Windows NTLM Privilege Escalation

Hindsite is a fast, lightweight static website generator

CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

Related Posts