CVE-2025-39247

🗓️ 29 Aug 2025 01:40:31Reported by hikvisionType

cve🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 22 Views🌐 WEB

Access control flaw in HikCentral Professional allows unauthenticated users to gain admin permission.

Reporter	Title	Published	Views	Family All 10
GithubExploit	Exploit for CVE-2025-39247	21 May 202618:13	–	githubexploit
Circl	CVE-2025-39247	29 Aug 202506:34	–	circl
CNNVD	Hikvision HikCentral Professional 安全漏洞	29 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-39247	29 Aug 202501:40	–	cvelist
EUVD	EUVD-2025-26202	3 Oct 202520:07	–	euvd
NVD	CVE-2025-39247	29 Aug 202503:15	–	nvd
Positive Technologies	PT-2025-35172	29 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-39247	31 Aug 202502:20	–	redhatcve
The Hacker News	⚡ Weekly Recap: WhatsApp 0-Day, Docker Bug, Salesforce Breach, Fake CAPTCHAs, Spyware App & More	1 Sep 202513:02	–	thn
Vulnrichment	CVE-2025-39247	29 Aug 202501:40	–	vulnrichment

[
  {
    "vendor": "Hikvision",
    "product": "HikCentral Professional",
    "versions": [
      {
        "version": "Versions between V2.3.1 and V2.6.2",
        "status": "affected"
      }
    ]
  },
  {
    "vendor": "Hikvision",
    "product": "HikCentral Professional",
    "versions": [
      {
        "version": "Version V3.0.0",
        "status": "affected"
      }
    ]
  }
]

Source	Link
hikvision	www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-some-hikcentral-products/

Parameter	Position	Path	Description	CWE
ChangeDefaultUserPasswordRequest	path	ISAPI/Bumblebee/Platform/V0/Permission/ChangeDefaultUserPassword	Unauthenticated access to ChangeDefaultUserPassword via HCMP frontend allows password reset when local auth checks are bypassed; the fix adds a local-address gate and input validation but the endpoint is still reachable through default proxy, enabling takeover with valid ActiveCode or security questions.	CWE-284
UserName	path	ISAPI/Bumblebee/Platform/V0/Permission/ChangeDefaultUserPassword	Unauthenticated access to ChangeDefaultUserPassword via HCMP frontend allows password reset when local auth checks are bypassed; the fix adds a local-address gate and input validation but the endpoint is still reachable through default proxy, enabling takeover with valid ActiveCode or security questions.	CWE-284
Password	path	ISAPI/Bumblebee/Platform/V0/Permission/ChangeDefaultUserPassword	Unauthenticated access to ChangeDefaultUserPassword via HCMP frontend allows password reset when local auth checks are bypassed; the fix adds a local-address gate and input validation but the endpoint is still reachable through default proxy, enabling takeover with valid ActiveCode or security questions.	CWE-284
ActiveCode	path	ISAPI/Bumblebee/Platform/V0/Permission/ChangeDefaultUserPassword	Unauthenticated access to ChangeDefaultUserPassword via HCMP frontend allows password reset when local auth checks are bypassed; the fix adds a local-address gate and input validation but the endpoint is still reachable through default proxy, enabling takeover with valid ActiveCode or security questions.	CWE-284
QuestionList	path	ISAPI/Bumblebee/Platform/V0/Permission/ChangeDefaultUserPassword	Unauthenticated access to ChangeDefaultUserPassword via HCMP frontend allows password reset when local auth checks are bypassed; the fix adds a local-address gate and input validation but the endpoint is still reachable through default proxy, enabling takeover with valid ActiveCode or security questions.	CWE-284
SID	path	ISAPI/Bumblebee/Platform/V0/Permission/ChangeDefaultUserPassword	Unauthenticated access to ChangeDefaultUserPassword via HCMP frontend allows password reset when local auth checks are bypassed; the fix adds a local-address gate and input validation but the endpoint is still reachable through default proxy, enabling takeover with valid ActiveCode or security questions.	CWE-284

15 Apr 2026 00:35Current

6.2Medium risk

Vulners AI Score6.2

CVSS 3.18.6

EPSS0.00237

SSVC

CWE-284