CVE-2025-5157: H3C SecCenter SMP-E1114P02 fileContent path traversal
Description
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. Es wurde eine Schwachstelle in H3C SecCenter SMP-E1114P02 bis 20250513 ausgemacht. Sie wurde als kritisch eingestuft. Es betrifft die Funktion fileContent der Datei /cfgFile/fileContent. Dank Manipulation des Arguments filePath mit unbekannten Daten kann eine path traversal-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen.
Classification
CVE ID: CVE-2025-5157
CVSS Base Severity: MEDIUM
CVSS Base Score: 4.3
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Problem Types
Path TraversalAffected Products
Vendor: H3C
Product: SecCenter SMP-E1114P02
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.14% (probability of being exploited)
EPSS Percentile: 35.19% (scored less or equal to compared to others)
EPSS Date: 2025-06-18 (when was this score calculated)
References
https://nvd.nist.gov/vuln/detail/CVE-2025-5157https://vuldb.com/?id.310245
https://vuldb.com/?ctiid.310245
https://vuldb.com/?submit.576229
https://flowus.cn/share/f78256ea-f210-4b35-ba71-85aba82d3e0a?code=G8A6P3