CVE-2025-3539

Published Apr 13, 2025

Last updated 2 months ago

CVSS high 8.6

Overview

Description
A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getBasicInfo of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Source
cna@vuldb.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Secondary
Base score
7.7
Impact score
10
Exploitability score
5.1
Vector string
AV:A/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

cna@vuldb.com
CWE-74

Social media

Hype score
Not currently trending

  1. �� CVE-2025-3539 - H3C Magic NX15 - HIGH 🚨 🗓️ Date published 2025-04-13 22:15:13 UTC #H3CMagicNX15 #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/RvyAmjTiHi

    @vulns_space

    13 Apr 2025

    24 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-3539: HIGH] Critical vulnerability found in H3C Magic devices. Exploit allows command injection via HTTP POST Request Handler. Attack possible in local network. Upgrade advised to protect against manipul...#cybersecurity,#vulnerability https://t.co/oozaXt6S8S https://t.

    @CveFindCom

    13 Apr 2025

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-3539 A vulnerability classified as critical has been found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. Affected is the func… https://t.co/iWVv3D9E25

    @CVEnew

    13 Apr 2025

    54 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.