Global - EN
Buffer Overflow Vulnerabilities in Some Hikvision Products
SN No. HSRC-202601-01
Edit: Hikvision Security Response Center (HSRC)
Initial Release Date: 2026-01-12
Summary
(1) CVE-2025-66176 - There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision Access Control Products. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
(2) CVE-2025-66177 - There is a Stack overflow Vulnerability in the device Search and Discovery feature of Hikvision NVR/DVR/CVR/IPC models. If exploited, an attacker on the same local area network (LAN) could cause the device to malfunction by sending specially crafted packets to an unpatched device.
CVE ID
CVE-2025-66176
CVE-2025-66177
Scoring
CVSS v3.1 is adopted in scoring these vulnerabilities (http://www.first.org/cvss/specification-document)
CVE-2025-66176
Base score:8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVE-2025-66177
Base score:8.8 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Affected Versions
CVE ID |
Affected Products |
CVE-2025-66176 |
Partial Access Control Series Products |
CVE-2025-66177 |
Partial NVR, DVR, CVR, IPC Series Products |
For the specific list of affected models, please click the link to view.
Obtaining Fixed Versions
Users can download patches/updates on the Hikvision official website.
Source of vulnerability information
CVE-2025-66176 was reported by a member of Cisco Talos Team,while CVE-2025-66177 was reported by independent security researcher Angel Lozano Alcazar and Pedro Guillen Nuñez.
Contact Us
To report any security issues or vulnerabilities in Hikvision products and solutions, please contact Hikvision Security Response Center at hsrc@hikvision.com.
Hikvision would like to thank all security researchers for your attention to our products.
Declaration
This document is provided on an “AS IS” basis and without warranties of any kind, either express or implied, including but not limited to the warranties of merchantability or fitness for a particular purpose.
Hikvision or any of its directly or indirectly controlled subsidiaries or its suppliers shall not be liable for any damages arising out of or in connection with the use of this document, including direct, indirect, incidental, special, or consequential damages.
Hikvision reserves the right to revise or update this document at any time.
Hikvision.com uses strictly necessary cookies and related technologies to enable the website to function. With your consent, we would also like to use cookies to observe and analyse traffic levels and other metrics / show you targeted advertising / show you advertising on the basis of your location / tailor our website's content. For more information on cookie practices please refer to our cookie policy.
