Hikvision iSecure Center Command Injection Vulnerability Allowing Privilege Escalation

Vulnerability

A command injection vulnerability has been identified in Hikvision's iSecure Center product, which is available only in the domestic Chinese market. This vulnerability arises from inadequate parameter validation, allowing attackers to execute arbitrary commands on the system and gain platform privileges.

Impact

Exploitation of this vulnerability could lead to unauthorized execution of commands on the affected system, potentially allowing an attacker to escalate privileges.

Remediation

Users can download the patch for this vulnerability from the Hikvision download link provided in the official security notice. For technical support, Hikvision users can contact HSRC via email or fill out a feedback request.

Added: Oct 17, 2025, 12:41 PM
Updated: Oct 17, 2025, 1:32 PM

Vulnerability Rating

Custom Algorithm
spread: 2.6
impact: 7.5
exploitability: 4.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.