CVE-2025-45851: n/a
An issue in Hikvision DS-2CD1321-I V5.7.21 build 230819 allows attackers to cause a Denial of Service (DoS) via sending a crafted POST request to the endpoint /ISAPI/Security/challenge. The vendor has stated that upgrading to V5.7.23_SP2 fixes the issue.
AI Analysis
Technical Summary
CVE-2025-45851 is a vulnerability identified in the Hikvision DS-2CD1321-I network camera firmware version V5.7.21 build 230819. The flaw allows an attacker to cause a Denial of Service (DoS) condition by sending a specially crafted POST request to the endpoint /ISAPI/Security/challenge. This endpoint is part of the device's security challenge mechanism, likely involved in authentication or session management. Exploiting this vulnerability results in the device becoming unresponsive or crashing, thereby disrupting its normal operation. Since the vulnerability is triggered via a network request, it can be exploited remotely without physical access. The vulnerability does not require authentication or user interaction, making it easier for attackers to exploit if the device is exposed to untrusted networks. No CVSS score has been assigned yet, and there are no known public exploits in the wild at the time of publication. The affected product is a widely deployed IP camera model used in surveillance systems, often integrated into security infrastructure for physical security monitoring.
Potential Impact
For European organizations, this vulnerability poses a significant risk to physical security systems relying on Hikvision DS-2CD1321-I cameras. A successful DoS attack could disable surveillance capabilities, creating blind spots in security coverage and increasing the risk of unauthorized access, theft, or sabotage. Critical infrastructure facilities, government buildings, transportation hubs, and private enterprises using these cameras could face operational disruptions and increased security risks. Additionally, the downtime caused by the DoS could delay incident detection and response, amplifying potential damage. Since these cameras are often network-connected and sometimes accessible from external networks, the attack surface is considerable. The lack of authentication requirement for exploitation further elevates the threat level. Although no exploits are currently known in the wild, the vulnerability's existence may attract attackers to develop weaponized exploits, especially in geopolitical contexts where surveillance systems are targeted.
Mitigation Recommendations
Organizations should immediately assess their deployment of Hikvision DS-2CD1321-I cameras to identify devices running firmware version V5.7.21 build 230819. Until affected devices are upgraded to V5.7.23_SP2, the release the vendor states fixes the issue, network-level mitigations should be applied: restrict access to the cameras' management interfaces with strict firewall rules that limit inbound traffic to trusted IP addresses only; isolate the cameras on segmented VLANs to reduce exposure; disable remote access if it is not required; and monitor network traffic for unusual POST requests targeting the /ISAPI/Security/challenge endpoint. Additionally, organizations should engage with Hikvision or authorized vendors to obtain firmware updates or advisories addressing this vulnerability. Intrusion detection systems (IDS) with signatures for anomalous POST requests to the affected endpoint can provide early warning. Regularly reviewing and updating device firmware and maintaining an asset inventory will help manage such vulnerabilities proactively.
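One way to implement the monitoring recommended above, as an added example (not code from this advisory or from Hikvision): it flags POST requests to /ISAPI/Security/challenge that come from outside a trusted management subnet or arrive in bursts. The log layout, trusted subnet, burst threshold and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

ENDPOINT = "/isapi/security/challenge"                 # compared case-insensitively
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/28")]  # assumed NVR/VMS subnet
BURST_LIMIT = 3                                        # assumed threshold; tune per site
BURST_WINDOW = timedelta(seconds=60)
# Assumed log layout: timestamp, source, camera, method, path, status ("-" = no reply)
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>\S+) "
                     r"(?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}|-)$")
# Constructed sample input, not real traffic.
SAMPLE_LOG = """\
2025-06-27T12:00:01 10.20.0.5 10.30.0.11 POST /ISAPI/Security/challenge 200
2025-06-27T12:00:07 10.20.0.5 10.30.0.11 GET / 200
2025-06-27T12:03:10 192.0.2.44 10.30.0.11 POST /ISAPI/Security/challenge -
2025-06-27T12:05:00 10.20.0.9 10.30.0.12 POST /isapi/security/challenge?x=1 200
2025-06-27T12:05:05 10.20.0.9 10.30.0.12 POST /ISAPI/Security/challenge 200
2025-06-27T12:05:10 10.20.0.9 10.30.0.12 POST /ISAPI/Security/challenge 200
2025-06-27T12:05:15 10.20.0.9 10.30.0.12 POST /ISAPI/Security/challenge/ 200
"""

def is_trusted(src):
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False              # unparsable source is treated as untrusted
    return any(addr in net for net in TRUSTED_NETS)

def find_alerts(log_text):
    alerts, recent = [], defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        # Normalise: drop query string and trailing slash, ignore case.
        path = m["path"].split("?", 1)[0].rstrip("/").lower()
        if path != ENDPOINT:
            continue
        ts, key = datetime.fromisoformat(m["ts"]), (m["src"], m["dst"])
        if not is_trusted(m["src"]):
            alerts.append(("untrusted-source", *key, m["ts"]))
        # Sliding window of hits per (source, camera) pair.
        recent[key] = [t for t in recent[key] if ts - t <= BURST_WINDOW] + [ts]
        if len(recent[key]) == BURST_LIMIT + 1:   # fires when the limit is crossed
            alerts.append(("burst", *key, m["ts"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(SAMPLE_LOG):
        print(alert)
```

The burst rule applies to trusted sources as well, so a misbehaving or compromised management host is still surfaced.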
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Belgium, Poland, Sweden, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2025-04-22T00:00:00.000Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 685e8c6cca1063fb875df1c6
Added to database: 6/27/2025, 12:19:56 PM
Last enriched: 6/27/2025, 12:31:56 PM
Last updated: 8/17/2025, 1:39:29 PM