CVE-2025-63258
MEDIUM EPSS 24.6%
Published Nov 18, 20257mo ago · Modified Jun 17, 20261w ago
6.5 CVSS 3.1
Published Nov 18, 2025 7mo ago
Last Modified Jun 17, 2026 1w ago
Description
A remote command execution (RCE) vulnerability was discovered in all H3C ERG3/ERG5 series routers and XiaoBei series routers, cloud gateways, and wireless access points (versions R0162P07, UAP700-WPT330-E2265, UAP672-WPT330-R2262, UAP662E-WPT330-R2262P03, WAP611-WPT330-R1348-OASIS, WAP662-WPT330-R2262, WAP662H-WPT330-R2262, USG300V2-WPT330-R2129, MSG300-WPT330-R1350, and MSG326-WPT330-R2129). Attackers are able to exploit this vulnerability via injecting crafted commands into the sessionid parameter.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity Low
Availability None
Threat Intelligence
EPSS Exploit Probability
24.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-77 Command Injection Injection
References 2
- h3c.com http://h3c.com
- zhiliao.h3c.com https://zhiliao.h3c.com/Theme/details/232571
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.