CVE-2025-5157

Published: May 25, 2025Modified: Jun 3, 2025

5.3

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Affected (1)

Products: H3c: Seccenter Smp 1114p02

1 product

Seccenter Smp 1114p02

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
H3c Seccenter Smp 1114p02	Up to 20250513

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (4)

https://flowus.cn/share/f78256ea-f210-4b35-ba71-85aba82d3e0a?code=G8A6P3

Source: cna@vuldb.com

Permissions Required

https://vuldb.com/?ctiid.310245

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.310245

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.576229

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.