CVE-2025-34058

Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files.

CVSS

No CVSS.

References

Link	Resource
https://blog.csdn.net/qq_40684306/article/details/115278837
https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read
https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544
https://www.hikvision.com/en/support/cybersecurity/security-advisory/

Configurations

No configuration.

History

03 Jul 2025, 15:14

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-07-01 15:15

Updated : 2025-07-03 15:14

NVD link : CVE-2025-34058

Mitre link : CVE-2025-34058

CVE.ORG link : CVE-2025-34058

JSON object : View

Products Affected

No product.

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-521

Weak Password Requirements

{"id": "CVE-2025-34058", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.7, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-07-01T15:15:24.340", "references": [{"url": "https://blog.csdn.net/qq_40684306/article/details/115278837", "source": "disclosure@vulncheck.com"}, {"url": "https://vulncheck.com/advisories/hikvision-streaming-server-default-creds-file-read", "source": "disclosure@vulncheck.com"}, {"url": "https://www.cnvd.org.cn/flaw/show/CNVD-2021-14544", "source": "disclosure@vulncheck.com"}, {"url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/", "source": "disclosure@vulncheck.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "disclosure@vulncheck.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-521"}]}], "descriptions": [{"lang": "en", "value": "Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After authenticating with these credentials, an attacker can exploit an arbitrary file read vulnerability in the /systemLog/downFile.php endpoint via directory traversal in the fileName parameter. This exploit chain can enable unauthorized access to sensitive system files."}, {"lang": "es", "value": "Hikvision Streaming Media Management Server v2.3.5 utiliza credenciales predeterminadas que permiten a atacantes remotos autenticarse y acceder a funciones restringidas. Tras autenticarse con estas credenciales, un atacante puede explotar una vulnerabilidad de lectura de archivos arbitrarios en el endpoint /systemLog/downFile.php mediante un salto de directorio en el par\u00e1metro fileName. Esta cadena de exploits puede permitir el acceso no autorizado a archivos confidenciales del sistema."}], "lastModified": "2025-07-03T15:14:12.767", "sourceIdentifier": "disclosure@vulncheck.com"}