Hikvision Patches Security Flaws (CVE-2024-25063 & 25064): Update Your HikCentral Pro
Hikvision, a titan in the surveillance solutions industry, recently addressed two security vulnerabilities affecting its centralized security management platform, HikCentral Professional. Because countless customers worldwide use HikCentral Professional to safeguard assets and properties, vulnerabilities in it could have had far-reaching implications. It’s a platform that has gained the trust of clients in over 200 countries, connecting more than 5 million devices into a single, unified interface.
Vulnerabilities Exposed
- CVE-2024-25063 (CVSS 7.5): This vulnerability, stemming from inadequate server-side validation, could have granted an attacker unauthorized access to specific URLs. Think of it as someone bypassing security checkpoints to enter restricted areas.
- CVE-2024-25064 (CVSS 4.3): Also caused by insufficient validation, this vulnerability could have enabled an attacker with existing login privileges to access resources beyond their authorized permissions.
Security researchers Michael Dubell and Abdulazeez Omar deserve credit for responsibly disclosing these vulnerabilities to Hikvision’s Security Response Center (HSRC).
The Importance of Updates
- CVE-2024-25063 affects versions below V2.5.1 – Update if you’re running an earlier version.
- CVE-2024-25064 affects versions between V2.0.0 and V2.5.1 – Update accordingly.
Stay Secure: Best Practices
- Prioritize Patches: Always install security updates and patches promptly.
- Restrict Access: Adhere to the principle of least privilege – grant only the minimum necessary permissions to users.
- Monitor for Updates: Regularly check for new releases and security advisories from Hikvision.
The Bottom Line
If you use HikCentral Professional, take immediate steps to update your system and stay informed about the latest security practices. For updates and support, contact your local Hikvision technical support team.