CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

July 2, 2025

CVE ID : CVE-2025-34067

Published : July 2, 2025, 2:15 p.m. | 1 hour, 1 minute ago

Description : An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson’s auto-type feature to load arbitrary Java classes. By referencing a malicious class via an LDAP URL, an attacker can achieve remote code execution on the underlying system.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-34069 – Kerio Control Authentication Bypass through Insecure Proxy Configuration

Next Article CVE-2025-34057 – Ruijie NBR Series Router Information Disclosure Vulnerability

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

CVE-2025-5782 – PHPGurukul Employee Record Management System SQL Injection Vulnerability

CVE-2025-1627 – Qi Blocks WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-5324 – TechPowerUp GPU-Z IOCTL Handler Memory Leak Vulnerability

How to make your images in Markdown on GitHub adjust for dark mode and light mode

CVE-2025-4069 – Code-projects Product Management System Stack-Based Buffer Overflow

CISA Adds CVE-2025-27363 to KEV Catalog

LLMs Can Be Misled by Surprising Data: Google DeepMind Introduces New Techniques to Predict and Reduce Unintended Knowledge Contamination

CVE-2025-52443 – Apache HTTP Server Authentication Bypass

CVE-2025-34067 – Hikvision Integrated Security Management Platform Fastjson Remote Command Execution

Related Posts