CVE-2025-34067 | P1 | CRITICAL | CVSS 10.0 | Exploited | v0 | 2025-07-02
CVE-2025-34067 [CRITICAL] CWE-502
An unauthenticated remote command execution vulnerability exists in the applyCT component of the Hikvision Integrated Security Management Platform due to the use of a vulnerable version of the Fastjson library. The endpoint /bic/ssoService/v1/applyCT deserializes untrusted user input, allowing an attacker to trigger Fastjson's auto-type feature to
nvd