CVE-2023-53691

Name of the Vulnerable Software and Affected Versions Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center versions through 2023-06-25

Description A directory traversal flaw allows unauthenticated file uploads via the /center/api/files endpoint. This enables attackers to perform directory traversal attacks and upload arbitrary files. This issue has been actively exploited in the wild since 2024 and into 2025. The files directory is vulnerable to traversal attacks.

Recommendations Versions through 2023-06-25 should be updated. At the moment, there is no information about a newer version that contains a fix for this vulnerability.