CVE-2025-3546
HIGH EPSS 77.2%
Published Apr 14, 20251y ago · Modified Jun 17, 20261w ago
8.6 CVSS 4.0
Published Apr 14, 2025 1y ago
Last Modified Jun 17, 2026 1w ago
Description
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Attack Vector Adjacent
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X
Threat Intelligence
EPSS Exploit Probability
77.2% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 2
CWE-74
CWE-77 Command Injection Injection
Affected Products 10
References 6
- gist.github.com https://gist.github.com/isstabber/154661f329e4ae6bfe15dcdc0b932ff3
- vuldb.com https://vuldb.com/?ctiid.304585
- vuldb.com https://vuldb.com/?id.304585
- vuldb.com https://vuldb.com/?submit.524745
- h3c.com https://www.h3c.com/cn/Service/Document_Software/Software_Download/Consume_product/
- zhiliao.h3c.com https://zhiliao.h3c.com/theme/details/229784
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.