There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
Advisories
Source ID Title
EUVD EUVD EUVD-2025-26200 There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 31 Aug 2025 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Hikvision
Hikvision hikcentral Master Lite
Vendors & Products Hikvision
Hikvision hikcentral Master Lite

Fri, 29 Aug 2025 14:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-1236
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 29 Aug 2025 02:30:00 +0000

Type Values Removed Values Added
Description There is a CSV Injection Vulnerability in some HikCentral Master Lite versions. This could allow an attacker to inject executable commands via malicious CSV data.
References
Metrics cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:L'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hikvision

Published:

Updated: 2025-08-29T13:33:42.304Z

Reserved: 2025-04-16T05:37:51.248Z

Link: CVE-2025-39245

cve-icon Vulnrichment

Updated: 2025-08-29T13:33:23.828Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-29T03:15:38.733

Modified: 2025-08-29T16:24:29.730

Link: CVE-2025-39245

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-31T08:41:41Z