CVE-2025-5158

4.3 MEDIUM

📋 TL;DR

This CVE describes a path traversal vulnerability in H3C SecCenter SMP-E1114P02 that allows attackers to access arbitrary files on the system by manipulating the filename parameter in the downloadSoftware function. The vulnerability affects systems running versions up to 20250513 and can be exploited remotely without authentication.

💻 Affected Systems

Products:
  • H3C SecCenter SMP-E1114P02
Versions: Up to and including 20250513
Operating Systems: Unknown - likely embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All systems running affected versions with the vulnerable endpoint accessible are at risk.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could read sensitive system files, configuration files, or credentials, potentially leading to full system compromise.

🟠 Likely Case

Unauthorized file access leading to information disclosure of configuration files, logs, or other sensitive data.

🟢 If Mitigated

Limited impact if proper network segmentation and access controls prevent external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit details have been publicly disclosed and the vulnerability is remotely exploitable without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Contact H3C support for updates and monitor their security advisories.

🔧 Temporary Workarounds

Network Access Restriction

all

Restrict network access to the vulnerable endpoint (/cfgFile/downloadSoftware) using firewall rules or network segmentation.

Input Validation

all

Implement input validation to reject filename parameters containing path traversal sequences (../, ..\) if custom modifications are possible.

🧯 If You Can't Patch

  • Isolate the affected system in a restricted network segment with no internet access
  • Implement strict firewall rules to allow only trusted IP addresses to access the vulnerable endpoint

🔍 How to Verify

Check if Vulnerable:

Check if the system is running H3C SecCenter SMP-E1114P02 version 20250513 or earlier and if the /cfgFile/downloadSoftware endpoint is accessible.

Check Version:

Check system configuration or web interface for version information (specific command unknown)

Verify Fix Applied:

Verify that the system has been updated to a version after 20250513 or that the vulnerable endpoint is no longer accessible.

📡 Detection & Monitoring

Log Indicators:

  • Unusual access patterns to /cfgFile/downloadSoftware
  • Requests with filename parameters containing path traversal sequences

Network Indicators:

  • HTTP requests to /cfgFile/downloadSoftware with suspicious filename parameters

SIEM Query:

http.url:"/cfgFile/downloadSoftware" AND (http.param.filename:"../" OR http.param.filename:"..\\")
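
The SIEM query above matches only the literal sequences ../ and ..\ in the filename parameter. The following is an added example, not part of the original advisory or any H3C code: a log scan that percent-decodes the parameter before checking for ".." path segments. The endpoint and parameter names come from the advisory; the access-log format, sample lines and function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

ENDPOINT = "/cfgFile/downloadSoftware"  # endpoint named in the advisory
PARAM = "filename"                       # parameter named in the advisory
MAX_DECODE_ROUNDS = 3                    # assumption: bound for nested encoding

# Constructed sample lines in common access-log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [14/May/2025:10:01:02 +0000] "GET /cfgFile/downloadSoftware?filename=agent_v2.bin HTTP/1.1" 200 5120
198.51.100.9 - - [14/May/2025:10:03:44 +0000] "GET /cfgFile/downloadSoftware?filename=../../conf/example.cfg HTTP/1.1" 200 310
203.0.113.5 - - [14/May/2025:10:04:10 +0000] "GET /cfgFile/downloadSoftware?filename=%2e%2e%2f%2e%2e%2fconf%2fexample.cfg HTTP/1.1" 200 310
203.0.113.5 - - [14/May/2025:10:04:15 +0000] "GET /cfgFile/downloadSoftware?filename=%252e%252e%255cconf%255cexample.cfg HTTP/1.1" 404 0
192.0.2.20 - - [14/May/2025:10:06:00 +0000] "GET /login?filename=../x HTTP/1.1" 200 900
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value):
    """Percent-decode repeatedly (bounded) to undo nested encoding."""
    for _ in range(MAX_DECODE_ROUNDS):
        value, prev = unquote(value), value
        if value == prev:
            break
    return value

def is_traversal(value):
    """True if any path segment is exactly '..' after decoding."""
    norm = fully_decode(value).replace("\\", "/")
    return ".." in norm.split("/")

def find_suspicious(log_text):
    """Return (source_ip, status, decoded_filename) for flagged requests."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        src, target, status = m.groups()
        url = urlsplit(target)
        if url.path != ENDPOINT:
            continue  # only the endpoint from the advisory is in scope
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if is_traversal(raw):
                hits.append((src, int(status), fully_decode(raw)))
    return hits
```

A flagged request that returned status 200 is the one to triage first, since it suggests the file was actually served.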
