InfoSecBulletin Cybersecurity for mankind
The Hikvision Security Response Center issued advisory revealing three critical vulnerabilities in HikCentral products. CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247 represent vulnerabilities with moderate to high severity, potentially allowing attackers to execute unauthorized commands, gain elevated privileges, or obtain administrative access.
Summary:
Hacker claim to breach Link3; 189,000 Users data up for sale
Check Point Hosts “Securing the Hyperconnected World in the AI Era” in Dhaka
Microsoft Confirms 900+ XSS Vulns Found in IT Services
Daily Security Update Dated : 15.09.2025
IBM QRadar SIEM Vuln Let Attackers Perform Unauthorized Actions
Major Australian Banks using Army of AI Bots to Scam Scammers
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
(1) There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
(2) There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
(3) There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Hikvision recommends upgrading to either Professional version 2.6.3 or 3.0.1, both of which close the authentication loophole and strengthen session management.
Yousef Alfuhaid, Nader Alharbi, Eduardo Bido, and Dr. Matthias Lutter reported these vulnerabilities to HSRC.
Salt Typhoon To Exploit Cisco, Palo Alto, Ivanti Flaws to Breach 600 Org Globally
