Skip to main content

Hikvision CVE-2025-45851

| EUVDEUVD-2025-19428 HIGH
2025-06-27 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 16, 2026 - 00:16 euvd
EUVD-2025-19428
Analysis Generated
Mar 16, 2026 - 00:16 vuln.today
CVE Published
Jun 27, 2025 - 12:15 nvd
HIGH 7.5

DescriptionCVE.org

An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.

Analysis

An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users.

RemediationAI

Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

CVE-2017-7921 CRITICAL POC
9.8 May 06

An Improper Authentication issue was discovered in Hikvision DS-2CD2xx2F-I Series V5.2.0 build 140721 to V5.4.0 build 16

CVE-2014-4880 HIGH POC
7.5 Dec 08

Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote atta

CVE-2013-4977 CRITICAL POC
10.0 Mar 03

Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), a

CVE-2021-36260 CRITICAL POC
9.8 Sep 22

A command injection vulnerability in the web server of some Hikvision product. Rated critical severity (CVSS 9.8), this

CVE-2023-6895 CRITICAL POC
9.8 Dec 17

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated critical severity

CVE-2022-28171 CRITICAL POC
9.8 Jun 27

The web module in some Hikvision Hybrid SAN/Cluster Storage products have the following security vulnerability. Rated cr

CVE-2023-6893 HIGH POC
7.5 Dec 17

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK) and classified as proble

CVE-2025-34067 CRITICAL
10.0 Jul 02

An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Se

CVE-2023-6894 MEDIUM POC
6.5 Dec 17

A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). Rated medium severity (

CVE-2023-28808 CRITICAL
9.8 Apr 11

Some Hikvision Hybrid SAN/Cluster Storage products have an access control vulnerability which can be used to obtain the

CVE-2022-28173 CRITICAL
9.8 Dec 19

The web server of some Hikvision wireless bridge products have an access control vulnerability which can be used to obta

CVE-2018-6414 CRITICAL
9.8 Aug 13

A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially cr

Share

CVE-2025-45851 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy