Red Hot Cyber

Video Surveillance Under Attack: A Hikvision Bug Allows Admin Access Without a Login

Antonio Piazzolla : 2 September 2025 17:39

At the end of August 2025, a high-impact vulnerability affecting HikCentral Professional, the Hikvision platform used to centrally manage video surveillance and access control, was disclosed. The flaw, classified as CVE-2025-39247, has a CVSS score of 8.6 (High) and allows a remote attacker to gain administrative access without authentication. In other words: anyone, via the network, can access the heart of the security management system.

Why it’s important

Environments that adopt HikCentral often consider it part of “physical security,” but in reality it’s software exposed like any other IT service. This makes it an attractive target: if compromised, it could provide access not only to cameras, but also to sensitive data, configurations, and potentially the entire corporate network.

In a real-world scenario, an attacker could:

  • view and manipulate video streams;
  • modify settings and users;
  • exploit the server as an entry point for lateral movement.

Where’s the problem?

The vulnerability is Improper Access Control (CWE-284). Essentially, some HikCentral web/API endpoints don’t handle access controls correctly. The result is that requests sent without credentials are still treated as privileged, allowing direct escalation to the administrative level.

This makes the attack extremely simple: no in-depth knowledge of the system is required, no stolen credentials are needed, and no user interaction is necessary. All you need is to be able to reach the service port.

Affected versions and fixes

The vulnerable versions range from V2.3.1 to V2.6.2, as well as V3.0.0. Hikvision has already released corrective updates:

  • V2.6.3
  • V3.0.1

Anyone using previous releases should upgrade immediately.

Practical mitigations

In addition to updating, which remains the most effective measure, there are some recommended hardening actions:

  • Segment the network: isolate HikCentral servers in dedicated VLANs, accessible only from trusted subnets.
  • Limit access: filter the addresses that can connect to the service via a firewall.
  • Implement a WAF: useful for intercepting anomalous requests to endpoints.
  • Monitor logs: activate alerts for suspicious or unauthorized access attempts.
  • Apply the principle of least privilege: minimize the rights of internal accounts.

Quick operational checklist

To make the work of IT and security teams easier, here are the 5 essential steps to mitigate CVE-2025-39247:

  1. Update now to V2.6.3 or V3.0.1.
  2. Control the network: isolate HikCentral servers into dedicated segments.
  3. Limit external access through firewalls and VPNs.
  4. Enable advanced logging and monitoring to detect anomalous activity.
  5. Check account privileges and delete any unnecessary accounts.
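As a starting point for step 1, and for the affected-version list above, here is a small inventory triage script. It is an added example written for this article, not code from Hikvision or from the author: the version ranges and fixed releases are the ones stated in the article, while the hostnames in the sample inventory are constructed. Only the ranges the article lists are flagged; releases older than V2.3.1 are not treated as affected by this check.

```python
"""Inventory triage for CVE-2025-39247 (HikCentral Professional).

Added example for this article (not Hikvision code): flags which HikCentral
installations in a constructed inventory fall into the affected ranges the
advisory names, and which fixed release each one should move to.
"""
import re
from typing import Optional

# Affected ranges and fixed releases as stated in the article.
VULNERABLE_RANGES = [((2, 3, 1), (2, 6, 2)), ((3, 0, 0), (3, 0, 0))]
FIXED_RELEASES = {2: (2, 6, 3), 3: (3, 0, 1)}

_VERSION_RE = re.compile(r"^[Vv]?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text: str) -> tuple:
    """Turn 'V2.6.2' or '2.6.2' into a comparable (major, minor, patch) tuple."""
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised HikCentral version string: {text!r}")
    return tuple(int(part) for part in match.groups())


def is_vulnerable(version: str) -> bool:
    """True if the version lies in V2.3.1..V2.6.2 or equals V3.0.0."""
    v = parse_version(version)
    return any(low <= v <= high for low, high in VULNERABLE_RANGES)


def required_upgrade(version: str) -> Optional[str]:
    """Fixed release to move to, or None when the install is not affected."""
    if not is_vulnerable(version):
        return None
    major = parse_version(version)[0]
    return "V" + ".".join(str(n) for n in FIXED_RELEASES[major])


def triage(inventory: dict) -> dict:
    """Map hostname -> fixed release for every affected host in the inventory."""
    return {host: fix for host, ver in inventory.items()
            if (fix := required_upgrade(ver)) is not None}


if __name__ == "__main__":
    # Constructed sample inventory: hostnames and versions are made up.
    sample = {"vms-hq": "V2.6.2", "vms-plant": "V3.0.0",
              "vms-lab": "V2.6.3", "vms-old": "V2.2.0"}
    for host, fix in triage(sample).items():
        print(f"{host}: affected, upgrade to {fix}")
```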

Conclusion

The CVE-2025-39247 case demonstrates the risk of underestimating physical security systems. They are not isolated “black boxes,” but exposed IT applications that deserve the same level of protection as core systems. An exploit like this can turn a system designed to protect into a gateway for much more serious attacks.

The priority is therefore clear: update immediately, while simultaneously strengthening network controls and monitoring. Only in this way can the window of exposure be minimized and a system designed to defend be kept from becoming the source of the compromise.

Antonio Piazzolla
IT Infrastructure & Security Manager with more than 20 years of experience in complex business environments. In the Casillo Group, he deals with business continuity, security and innovation. Microsoft, VMware, Cisco and ITIL certified.