PT-2025-43013 · Hikvision · Hikvision Isecure Center
Published: 2025-10-22 · Updated: 2025-10-22 · CVE-2024-58274
CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center versions through 2024-08-01
Description
The software contains a flaw that permits the execution of a command. This occurs through the use of the $( ) construct within JSON data sent to the /center/api/installation/detection API endpoint. This issue was observed being exploited in real-world attacks during 2024 and 2025. The vulnerable parameter is the JSON data sent to the API endpoint.
Recommendations
Versions through 2024-08-01 should be updated.
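For reviewing captured traffic to the endpoint named in the description, the following is an added detection example, not code from this advisory or from Hikvision. It parses each JSON body before matching, so a $( written with \u escapes is still found. The field names and sample requests are constructed for illustration, and the function names are hypothetical.

```python
import json

ENDPOINT = "/center/api/installation/detection"  # path named in the advisory
MARKER = "$("  # opening of the $( ) construct named in the advisory


def find_substitutions(value, path="$"):
    """Yield (json_path, text) for every string key or value containing '$('."""
    if isinstance(value, str):
        if MARKER in value:
            yield path, value
    elif isinstance(value, dict):
        for key, item in value.items():
            if MARKER in key:
                yield f"{path}.<key>", key
            yield from find_substitutions(item, f"{path}.{key}")
    elif isinstance(value, list):
        for i, item in enumerate(value):
            yield from find_substitutions(item, f"{path}[{i}]")


def inspect_request(url_path, body):
    """Return findings for one captured request body (str); empty list if clean."""
    if url_path.split("?", 1)[0].rstrip("/") != ENDPOINT:
        return []
    try:
        doc = json.loads(body)  # decoding resolves \u0024\u0028 into $(
    except ValueError:
        # Malformed JSON must not hide the marker: fall back to a raw scan.
        return [("<raw body>", body)] if MARKER in body else []
    return list(find_substitutions(doc))


# Constructed sample requests; "name" and "items" are hypothetical field names.
SAMPLES = [
    (ENDPOINT, '{"name": "agent-01"}'),
    (ENDPOINT, '{"name": "agent-$(constructed)"}'),
    (ENDPOINT + "?v=1", '{"items": [{"name": "\\u0024\\u0028constructed\\u0029"}]}'),
    (ENDPOINT, '{"name": "$(constructed)"'),  # truncated, invalid JSON
    ("/other/path", '{"name": "$(constructed)"}'),
]

if __name__ == "__main__":
    for url_path, body in SAMPLES:
        for where, text in inspect_request(url_path, body):
            print(f"ALERT {url_path} {where}: {text!r}")
```

A plain substring search over the raw body would miss the third sample, because the marker only appears after JSON decoding.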
OS Command Injection
Affected Products
Hikvision Isecure Center