HikCentral Professional
by Hikvision
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-39247 | | Hig | 0.56 | 8.6 | 0.01 | | Aug 29, 2025 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. |
| CVE-2026-1749 | | Med | 0.44 | 6.8 | 0.00 | | May 9, 2026 | There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission. |
| CVE-2024-47487 | | | 0.00 | — | 0.00 | | Oct 18, 2024 | There is a SQL injection vulnerability in some HikCentral Professional versions. This could allow an authenticated user to execute arbitrary SQL queries. |
| CVE-2024-25064 | | | 0.00 | — | 0.00 | | Mar 2, 2024 | Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values. |
| CVE-2024-25063 | | | 0.00 | — | 0.01 | | Mar 2, 2024 | Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to. |