CVE-2025-5157

medium

Description

A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

References

Advisories
More

https://vuldb.com/?submit.576229

https://vuldb.com/?id.310245

https://vuldb.com/?ctiid.310245

https://flowus.cn/share/f78256ea-f210-4b35-ba71-85aba82d3e0a?code=G8A6P3

Details

Source: Mitre, NVD

Published: 2025-05-25

Updated: 2025-06-03

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

CVSS v4

Base Score: 5.3

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00039