CVE-2025-8907
BaseFortify
Publication date: 2025-08-13
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| h3c | m2_nas | v100r006 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-250 | The product performs an operation at a privilege level that is higher than the minimum level required, which creates new weaknesses or amplifies the consequences of other weaknesses. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Webserver Configuration component of H3C M2 NAS V100R006. It allows local attackers to execute actions with unnecessary privileges due to manipulation of an unknown functionality. Exploiting this vulnerability is difficult and requires local access. The vendor notes that the device does not have boa functionality for anonymous file access or upload, and only unsupported products are affected.
How can this vulnerability impact me?
If exploited locally, this vulnerability can lead to execution with elevated privileges, potentially allowing an attacker to perform unauthorized actions on the affected device. However, exploitation is complex and difficult, and only unsupported products are affected.
What immediate steps should I take to mitigate this vulnerability?
Since the affected products are no longer supported by the maintainer and the vulnerability requires local access with high attack complexity, immediate mitigation steps include restricting local access to trusted users only, monitoring for any suspicious local activity, and considering replacement or upgrade of the affected devices to supported versions or alternative products.