Critical Vulnerabilities in Hikvision HikCentral Pose Major Security Risks

7 Sep 2025

HikvisionHikCentralVulnerabilityAuthentication BypassSurveillance SecurityAccess ControlCritical InfrastructureCybersecurity RiskHackingInternet of ThingsSecurityInformation Security NewsIT Information SecurityPierluigi PaganiniSecurity AffairsSecurity News

Researchers have identified three critical vulnerabilities in Hikvision's HikCentral, a centralized management software utilized across industries for video surveillance, access control, and integrated security operations. These flaws enable unauthenticated users to gain administrator privileges, potentially allowing complete control over system configurations, logs, and surveillance functionalities. While the technical specifics of these vulnerabilities remain undisclosed, their existence poses significant risks, including unauthorized access to surveillance feeds, tampering with security logs, and disruption of critical security operations. Industries reliant on HikCentral, such as critical infrastructure, corporate security, and government facilities, face heightened exposure to cyber threats. Immediate action is recommended, including applying vendor-provided patches, enhancing network segmentation, and monitoring for suspicious administrative activities. The lack of detailed technical information underscores the necessity for proactive vulnerability management and robust communication with vendors to mitigate potential exploitation. This discovery serves as a critical reminder of the vulnerabilities inherent in centralized security management systems and the importance of maintaining rigorous cybersecurity practices.