CVE-2025-3546

Published Apr 14, 2025

Last updated 2 months ago

CVSS high 8.6

Overview

Description
A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.
Source
cna@vuldb.com
NVD status
Awaiting Analysis

Risk scores

CVSS 4.0

Type
Secondary
Base score
8.6
Impact score
-
Exploitability score
-
Vector string
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Severity
HIGH

CVSS 3.1

Type
Primary
Base score
8
Impact score
5.9
Exploitability score
2.1
Vector string
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

CVSS 2.0

Type
Secondary
Base score
7.7
Impact score
10
Exploitability score
5.1
Vector string
AV:A/AC:L/Au:S/C:C/I:C/A:C

Weaknesses

cna@vuldb.com
CWE-74

Social media

Hype score
Not currently trending

  1. �� CVE-2025-3546 - Jenkins - HIGH 🚨 🗓️ Date published 2025-04-14 02:15:13 UTC #Jenkins #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/rycwIr9Pk5

    @vulns_space

    14 Apr 2025

    32 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-3546: HIGH] Critical vulnerability discovered in H3C Magic series products. Exploit allows command injection via HTTP POST Requests on local network. Upgrade to V100R014 recommended.#cybersecurity,#vulnerability https://t.co/Y0zIuCtXyZ https://t.co/1lZzCnqOx8

    @CveFindCom

    14 Apr 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. We have just added an important vulnerability affecting H3C Magic NX15 and other products (CVE-2025-3546) https://t.co/sfULDKNaIK

    @vuldb

    13 Apr 2025

    28 Impressions

    1 Retweet

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.