CVE-2025-66173 – A privilege escalation vulnerability in Hikvisi... (How to Fix)

Q: What is the severity of CVE-2025-66173?

CVE-2025-66173 has a CVSS score of 6.2 (MEDIUM). A privilege escalation vulnerability in Hikvision DVR/NVR devices allows attackers with physical access to gain unrestricted shell access via the serial port. This affects organizations using vulnerable Hikvision surveillance equipment where physical security controls are insufficient. The vulnerability stems from improper authentication implementation for serial port access.

📋 TL;DR

A privilege escalation vulnerability in Hikvision DVR/NVR devices allows attackers with physical access to gain unrestricted shell access via the serial port. This affects organizations using vulnerable Hikvision surveillance equipment where physical security controls are insufficient. The vulnerability stems from improper authentication implementation for serial port access.

💻 Affected Systems

Products:

Hikvision DVR/NVR devices

Versions: Specific versions not detailed in advisory - check vendor advisory for exact affected models/versions

Operating Systems: Embedded Linux-based firmware

Default Config Vulnerable: ⚠️ Yes

Notes: Only affects devices with accessible serial ports. Devices in locked cabinets or secured locations are less vulnerable.

📦 What is this software?

Ds 7104hghi F1 Firmware by Hikvision

View all CVEs affecting Ds 7104hghi F1 Firmware →

Ds 7204hghi F1 Firmware by Hikvision

View all CVEs affecting Ds 7204hghi F1 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install persistent malware, exfiltrate surveillance footage, pivot to internal networks, or disable security monitoring entirely.

🟠

Likely Case

Attacker gains administrative control of the DVR/NVR, potentially accessing recorded footage, modifying system settings, or using the device as a foothold for further attacks.

🟢

If Mitigated

Limited impact due to strong physical security controls preventing unauthorized physical access to device serial ports.

🌐 Internet-Facing: LOW - This requires physical access to the device's serial port, not network access.

🏢 Internal Only: MEDIUM - Physical access requirement makes exploitation less likely than network-based attacks, but still concerning for devices in accessible locations.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires physical access and basic serial connection tools (USB-to-serial adapter, terminal software). No authentication bypass needed once physical access obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific firmware versions

Vendor Advisory: https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/

Restart Required: Yes

Instructions:

1. Check vendor advisory for affected models. 2. Download latest firmware from Hikvision portal. 3. Backup device configuration. 4. Upload firmware via web interface. 5. Reboot device. 6. Verify firmware version updated.

🔧 Temporary Workarounds

Physical Security Hardening

all

Prevent physical access to device serial ports

Serial Port Disable

all

Disable serial port functionality if not needed

🧯 If You Can't Patch

Implement strict physical access controls - lock devices in secure cabinets
Monitor physical access to device locations and implement surveillance of equipment rooms

🔍 How to Verify

Check if Vulnerable:

Check device model against Hikvision advisory. Attempt serial connection to device port (requires physical access).

Check Version:

Check via web interface: System > Maintenance > Version Information or via serial console if accessible

Verify Fix Applied:

Verify firmware version matches patched version from advisory. Attempt serial connection to confirm authentication required.

📡 Detection & Monitoring

Log Indicators:

Serial port access logs (if available)
Unexpected reboots or configuration changes

Network Indicators:

Unusual network traffic from DVR/NVR devices

SIEM Query:

Device logs showing configuration changes without authorized maintenance windows

📊 Metadata

CVE ID: CVE-2025-66173

CVSS v3 Score: 6.2 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-269

EPSS Score: 0.07% exploit probability (20.9th percentile)

Published: December 19, 2025

Last Updated: December 23, 2025

🔗 References

https://www.hikvision.com/en/support/cybersecurity/security-advisory/serial-port-privilege-escalation-vulnerabilities-in-some-hikvision-nvr-devices/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-66173, you might also want to check these: