CVE-2025-63258
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-11-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| h3c | xiaobei | * |
| h3c | erg3 | * |
| h3c | cloud_gateway | * |
| h3c | erg5 | * |
| h3c | wireless_access_point | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-77 | The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a remote command execution (RCE) flaw found in certain H3C routers, cloud gateways, and wireless access points. Attackers can exploit it by injecting specially crafted commands into the sessionid parameter, allowing them to execute arbitrary commands remotely on the affected devices.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow attackers to remotely execute commands on affected devices, potentially leading to unauthorized control, data theft, disruption of network services, or further compromise of the network infrastructure.