CVE-2024-25064: 
Hikvision HikCentral Professional vulnerability analysis and mitigation

CVE-2024-25064 affects HikCentral Professional, a centralized security management platform by Hikvision. The vulnerability was discovered and reported to Hikvision Security Response Center (HSRC) by security researchers Michael Dubell and Abdulazeez Omar. The issue affects versions between V2.0.0 and V2.5.1 of HikCentral Professional (Hikvision Advisory).

The vulnerability stems from insufficient server-side validation, which received a CVSS v3.1 base score of 4.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires network access and low privileges to exploit, with potential impact limited to confidentiality (NVD, Hikvision Advisory).

An attacker with login privileges could potentially access certain resources that they should not have access to by manipulating parameter values. The impact is primarily limited to unauthorized access to restricted resources (Security Online, NVD).

Users are advised to update their HikCentral Professional installations to version 2.5.1 or later to address this vulnerability. The fix was made available in the March 1, 2024 update. Users should contact their local Hikvision technical support team for assistance with the update (ASEC, Hikvision Advisory).