Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

July 3, 2025

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Image: PeiQi0
A newly disclosed vulnerability in HIKVISION’s widely deployed security management platform, applyCT (previously known as HikCentral), has put countless surveillance and monitoring infra …

Published Date:
Jul 04, 2025 (3 hours, 21 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-34067

CVE-2021-36260

Source: Read More

Previous ArticleApache Under Attack: Critical RCE Flaws in Tomcat & Camel Spark Thousands of Exploit Attempts

Next Article Anthropic MCP Server Flaws: Path Traversal & Symlink Attacks Allow RCE

Highlights

CVE-2025-32978 – Quest KACE Systems Management Appliance License Replacement Vulnerability

June 24, 2025

CVE ID : CVE-2025-32978

Published : June 24, 2025, 3:15 p.m. | 3 hours, 38 minutes ago

Description : Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing denial of service.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

Looking to Outsource React.js Development? Here’s What Top Agencies Are Doing Right

Beyond The Hype: What AI Can Really Do For Product Design

BrowserStack launches Chrome extension that bundles 10+ manual web testing tools

How much RAM does your Linux PC really need in 2025?

Have solar at home? Supercharge that investment with this other crucial component

I replaced my MacBook charger with this compact wall unit – and wish I’d done it sooner

5 reasons to switch to an immutable Linux distro today – and which to try first

Sentry Adds Logs Support for Laravel Apps

Sentry Adds Logs Support for Laravel Apps

Efficient Context Management with Laravel’s Remember Functions

Laravel Devtoolbox: Your Swiss Army Knife Artisan CLI

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

From plateau predictions to buggy rollouts — Bill Gates’ GPT-5 skepticism looks strangely accurate

We gave OpenAI’s open-source AI a kid’s test — here’s what happened

With GTA 6, next-gen exclusives, and a console comeback on the horizon, Xbox risks sitting on the sidelines — here’s why

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Workday Staff Fall to Social Engineering; Hackers Access Third-Party CRM Platform

Get Ready for the Black Hat USA 2025 CISO Podcast Series from The Cyber Express and Suraksha Catalyst

AirBorne Exploits: Zero-Click Wormable RCE Hits Apple & IoT Devices

This app fixes the Windows 11 Start menu, and it now works with Snapdragon PCs

CVE-2025-44954 – RUCKUS SmartZone SSH Private Key Hardcoded Vulnerability

Latest Microsoft Edge update breaks design visuals on Windows 11 — once you see it, you’ll hate it

CVE-2025-32978 – Quest KACE Systems Management Appliance License Replacement Vulnerability

AWS Default IAM Roles Found to Enable Lateral Movement and Cross-Service Exploitation

Understanding Accessibility, Inclusive Design, and Universal Design

Swiss bank data released by hackers

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Critical HIKVISION applyCT Flaw (CVE-2025-34067, CVSS 10.0): Unauthenticated RCE Via Fastjson

Related Posts