1. Home
  2. CVE Database
  3. CVE-2025-66173
MEDIUM · 6.2

CVE-2025-66173

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit t...

Vulnerability Description

There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and gaining access to an unrestricted shell environment.

CVSS Score

6.2

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
HikvisionDs-7104Hghi-F1 Firmware<= 4.30.122_201107
HikvisionDs-7104Hghi-F1-
HikvisionDs-7204Hghi-F1 Firmware<= 4.30.122_201107
HikvisionDs-7204Hghi-F1-

Related Weaknesses (CWE)

CWE-269

References

FAQ

What is CVE-2025-66173?

CVE-2025-66173 is a vulnerability with a CVSS score of 6.2 (MEDIUM). There is a privilege escalation vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit t...

How severe is CVE-2025-66173?

CVE-2025-66173 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-66173?

Check the references section above for vendor advisories and patch information. Affected products include: Hikvision Ds-7104Hghi-F1 Firmware, Hikvision Ds-7104Hghi-F1, Hikvision Ds-7204Hghi-F1 Firmware, Hikvision Ds-7204Hghi-F1.