CVE-2025-66174: Vulnerability in Hikvision DS-7104HGHI-F1
There is an improper authentication vulnerability in some Hikvision DVR products. Due to the improper implementation of authentication for the serial port, an attacker with physical access could exploit this vulnerability by connecting to the affected products and running a series of commands.
AI Analysis
Technical Summary
CVE-2025-66174 is a medium-severity vulnerability identified in Hikvision DS-7104HGHI-F1 digital video recorder (DVR) devices, specifically affecting firmware versions up to and including V4.30.122_201107. The root cause is an improper authentication mechanism implemented on the device's serial port interface, which fails to adequately verify the identity of users attempting to access the device via this port. An attacker with physical access to the device can connect to the serial port and execute a series of commands without needing any authentication credentials. This vulnerability is categorized under CWE-287 (Improper Authentication). The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) indicates that the attack can be performed remotely over the network (AV:N), with low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), unchanged scope (S:U), limited confidentiality impact (C:L), no integrity impact (I:N), and low availability impact (A:L). However, the description states physical access is required, which suggests the serial port is not exposed remotely, so the CVSS vector may reflect a conservative assessment or a potential misalignment. No patches or exploits are currently publicly available, but the vulnerability poses a risk to the confidentiality of data accessible via the device and could lead to limited denial of service. The vulnerability affects a widely used Hikvision model often deployed in surveillance systems, making it a concern for organizations relying on these devices for security monitoring.
Potential Impact
For European organizations, the impact of CVE-2025-66174 primarily revolves around the potential compromise of surveillance infrastructure confidentiality and availability. If an attacker gains physical access to affected Hikvision DVRs, they could execute unauthorized commands, potentially extracting sensitive video footage or disrupting recording capabilities. This could undermine security monitoring, delay incident response, and expose sensitive environments to further attacks. Critical sectors such as government facilities, transportation hubs, energy plants, and large enterprises that deploy Hikvision devices for surveillance could face increased risk of espionage or sabotage. The limited availability impact suggests that while full device takeover is unlikely, partial service disruption could occur. The confidentiality impact, though limited, is significant given the sensitive nature of surveillance data. The requirement for physical access reduces the attack surface but does not eliminate risk, especially in environments where devices are accessible in less secure locations or where insider threats exist.
Mitigation Recommendations
1. Enforce strict physical security controls to prevent unauthorized access to DVR devices, including locked enclosures and restricted access areas.
2. Monitor and audit physical access logs to detect and respond to unauthorized attempts promptly.
3. Segregate network and device management interfaces to minimize exposure of serial ports and other low-level access points.
4. Regularly check for firmware updates from Hikvision and apply patches as soon as they become available to address this and other vulnerabilities.
5. Implement device hardening best practices, such as disabling unused ports and interfaces where possible.
6. Use tamper-evident seals or alarms on physical devices to detect unauthorized access attempts.
7. Train security personnel to recognize and respond to physical tampering indicators.
8. Consider deploying additional monitoring solutions that can detect anomalous device behavior indicative of exploitation attempts.
9. Maintain an inventory of all deployed Hikvision devices and their firmware versions to prioritize remediation efforts.
10. Engage with Hikvision support or trusted security vendors for guidance on secure configuration and mitigation strategies specific to this vulnerability.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland
Technical Details
- Data Version: 5.2
- Assigner Short Name: hikvision
- Date Reserved: 2025-11-24T08:59:35.903Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6944f80919341fe18889df1f
Added to database: 12/19/2025, 7:00:25 AM
Last enriched: 12/26/2025, 8:04:04 AM
Last updated: 2/7/2026, 2:26:35 AM