Pierluigi Paganini September 04, 2025

Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring.

Security researchers warn of three vulnerabilities impacting Hikvision HikCentral, which is a centralized management software used across many industries for video surveillance, access control, and integrated security operations.

The three vulnerabilities are:

• CVE-2025-39245 – Base score: 4.7 – There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
• CVE-2025-39246 – Base score: 5.3 – There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
• CVE-2025-39247 – Base score: 8.6 – There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.

One of them was rated as high severity, and it stands out because it allows an unauthenticated user to escalate privileges and ultimately gain administrative access to the system. When attackers can elevate their privileges without even logging in, they essentially hold the keys to the entire environment. That creates a direct path to manipulating configurations, tampering with logs, or even shutting down critical monitoring functions.

HikCentral serves as the backbone for many organizations’ security infrastructure. Companies rely on it to manage surveillance cameras, control building access, and integrate data from multiple devices into one cohesive platform. An attacker can exploit the privilege escalation flaw to take over these functions. Once an attacker elevates privileges, they can act as an administrator, install malware, create hidden accounts, or exfiltrate sensitive information. Imagine a scenario where an attacker disables cameras during a physical intrusion, unlocks restricted doors, or modifies audit trails to hide evidence. This scenario poses a serious threat to the safety and business continuity of the impacted organizations.

The affected versions include:

Organizations running these builds should treat this disclosure as a wake-up call.

In HikCentral’s case, the risk increases because attackers don’t even need to authenticate first. They can approach the system anonymously, exploit the flaw, and instantly gain elevated control. This bypass undermines all trust in standard authentication processes.

The Chinese vendor has already released guidance, and the best step forward involves applying updates immediately. HikCentral administrators should:

• Harden the environment while applying the update: limit external exposure
• Check the version number of their deployment. If it falls within the affected ranges, it requires attention.
• Download and install the latest patches provided by Hikvision in their official security bulletin.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Hikvision)