Dear Valued Partner,
Recently, VulnCheck publicly disclosed a vulnerability in the open-source fastjson library, identified as CVE-2025-34067. Hikvision has been actively monitoring the development from the outset and would like to share our current analysis and clarifications to help you better understand the issue.
The vulnerability is associated with the service interface of the Single Sign-On (SSO) component used in Hikvision’s iSecure Center, a software released for the domestic market in China and no overseas markets. The component’s use of the third-party fastjson library has been found to introduce a deserialization flaw that could potentially lead to remote command execution.
We would like to clarify several points in response to recent media coverage:
- This is not a newly discovered vulnerability. It is a known issue in the fastjson library that has been publicly documented and responsibly patched in all applicable Hikvision products over time.
- HikCentral is not affected. Contrary to some reports, HikCentral does not utilize the affected SSO component and is therefore not impacted by CVE-2025-34067. This has also been confirmed in the updated CVE details.
- Some third-party articles have inaccurately linked this vulnerability to HikCentral. We have engaged with VulnCheck and other sources, and they have since corrected their statements to ensure accurate reporting.
Hikvision takes cybersecurity seriously and is fully committed to safeguarding our users. We will continue to closely monitor the situation and provide timely updates as new information becomes available. In addition, we have proactively implemented enhanced security measures to strengthen protection and improve overall situational awareness.
If you have any further questions or concerns, please do not hesitate to contact us.
Kind regards,
Justin Hollis
Director Public Affairs
Technologies
Product Selector
New Products
Accessory Selector
Hikvision License Activation
Hikvision App Store
HiTools Designer
