[CIVN-2025-0205] Multiple Vulnerabilities in HikCentral Products
Indian Computer Emergency Response Team (https://www.cert-in.org.in)
Severity Rating: HIGH
Software Affected
HikCentral Master Lite versions V2.2.1 through V2.3.2
HikCentral FocSign versions V1.4.0 through V2.2.0
HikCentral Professional versions 2.3.1 through 2.6.2, and 3.0.0
Overview
Multiple vulnerabilities have been reported in HikCentral Products, which could be exploited by an attacker to execute arbitrary code, gain elevated privileges and bypass access controls on affected systems.
Target Audience:
Organizations running any of the affected HikCentral Products.
Risk Assessment:
High risk of unauthorized access and sensitive information disclosure.
Impact Assessment:
Potential for arbitrary code execution.
Description
HikCentral Master Lite, FocSign, and Professional are Hikvision's modular platforms for edge-based IoT/video data management, digital signage control, and unified security operations (video, access, alarms, and analytics).
Multiple vulnerabilities exist in affected versions of HikCentral products due to an unquoted service path, CSV injection, and an access control vulnerability.
Successful exploitation of these vulnerabilities could allow attackers to execute arbitrary code, escalate privileges and bypass access controls on affected systems.
Solution
Apply appropriate fixes as mentioned in the HikCentral Security Advisory:
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/
Vendor Information
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/
CVE Name
CVE-2025-39245
CVE-2025-39246
CVE-2025-39247
Thanks and Regards,
CERT-In
Incident Response Help Desk
e-mail: incident@cert-in.org.in
Phone: +91-11-22902657
Toll Free Number: 1800-11-4949
Toll Free Fax: 1800-11-6969
Web: http://www.cert-in.org.in
PGP Fingerprint: A768 083E 4475 5725 B81A A379 2156 C0C0 B620 D0B4
PGP Key information:
https://www.cert-in.org.in/s2cMainServlet?pageid=CONTACTUS
Postal address:
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003