InfoSecBulletin Cybersecurity for mankind
The Hikvision Security Response Center issued advisory revealing three critical vulnerabilities in HikCentral products. CVE identifiers CVE-2025-39245, CVE-2025-39246, and CVE-2025-39247 represent vulnerabilities with moderate to high severity, potentially allowing attackers to execute unauthorized commands, gain elevated privileges, or obtain administrative access.
Summary:Â
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
Critical Cisco ISE Vulnerability Enables Remote Code Execution
(1) There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
(2) There is an Unquoted Service Path Vulnerability in some HikCentral FocSign versions. This could allow an authenticated user to potentially enable escalation of privilege via local access.
(3) There is an Access Control Vulnerability in some HikCentral Professional versions. This could allow an unauthenticated user to obtain the admin permission.
Hikvision recommends upgrading to either Professional version 2.6.3 or 3.0.1, both of which close the authentication loophole and strengthen session management.
Yousef Alfuhaid, Nader Alharbi, Eduardo Bido, and Dr. Matthias Lutter reported these vulnerabilities to HSRC.
Salt Typhoon To Exploit Cisco, Palo Alto, Ivanti Flaws to Breach 600 Org Globally
