- Description
- A vulnerability classified as critical was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected by this vulnerability is an unknown functionality of the file /api/login/auth of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used.
- Source
- cna@vuldb.com
- NVD status
- Awaiting Analysis
CVSS 4.0
- Type
- Secondary
- Base score
- 8.6
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- HIGH
CVSS 3.1
- Type
- Primary
- Base score
- 8
- Impact score
- 5.9
- Exploitability score
- 2.1
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Secondary
- Base score
- 7.7
- Impact score
- 10
- Exploitability score
- 5.1
- Vector string
- AV:A/AC:L/Au:S/C:C/I:C/A:C
- cna@vuldb.com
- CWE-74
- Hype score
- Not currently trending
🚨 CVE-2025-2725 🔴 HIGH (8.7) 🏢 H3C - Magic NX15 🏗️ V100R014 🔗 https://t.co/lej7c73S3V 🔗 https://t.co/dvn83giibO 🔗 https://t.co/eRY1gwsJNu 🔗 https://t.co/skObL03i6W #CyberCron #VulnAlert #InfoSec https://t.co/GiKbz8TvXP
@cybercronai
26 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-2725 - H3C Magic NX15 - HIGH 🚨 🗓️ Date published 2025-03-25 03:15:16 UTC #H3CMagicNX15 #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/Yb1ijlO9sn
@vulns_space
25 Mar 2025
12 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2725: HIGH] Critical vulnerability found in H3C Magic devices allows remote command injection through HTTP POST Request Handler component. Vendor notified but no response. Stay vigilant against this cybe...#cybersecurity,#vulnerability https://t.co/kPwPY8RvJ6 https://t.
@CveFindCom
25 Mar 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJyEiR (CVE-2025-2725 | H3C Magic BE18000 up to V100R014 HTTP POST Request /api/login/auth command injection) has been published on https://t.co/3cKQTQdeq9
@WolfgangSesin
24 Mar 2025
2 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes