CVE-2025-5162

6.3 MEDIUM

📋 TL;DR

This critical vulnerability in H3C SecCenter SMP-E1114P02 allows remote attackers to upload arbitrary files without restrictions via the /safeEvent/importFile/ endpoint. Affected systems are those running versions up to 20250513, potentially enabling attackers to execute malicious code or compromise the system. The vulnerability stems from improper access control in file upload functionality.

💻 Affected Systems

Products:
  • H3C SecCenter SMP-E1114P02
Versions: Up to and including 20250513
Operating Systems: Unknown - likely appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the /safeEvent/importFile/ endpoint with logGeneralFile/logGeneralFile_2 parameters.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.
🟠 Likely Case: Unauthorized file upload enabling web shell deployment, data manipulation, or denial of service attacks.
🟢 If Mitigated: Limited impact with proper network segmentation, file upload restrictions, and monitoring in place.

🌐 Internet-Facing: HIGH - Attack can be launched remotely and exploit is publicly available.
🏢 Internal Only: MEDIUM - Still vulnerable to internal threats but attack surface is reduced.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit has been publicly disclosed and requires minimal technical skill to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available - vendor did not respond to disclosure

Restart Required: No

Instructions:

No official patch available. Monitor H3C security advisories for updates.

🔧 Temporary Workarounds

Block Vulnerable Endpoint

all

Restrict access to /safeEvent/importFile/ endpoint using web application firewall or network controls

# WAF rule to block /safeEvent/importFile/
# Network ACL to restrict access to vulnerable path

Implement File Upload Restrictions

all

Configure strict file type validation and size limits for upload functionality

# Configure file upload restrictions in web server/app configuration

🧯 If You Can't Patch

  • Isolate affected systems from internet and restrict network access
  • Implement strict monitoring for file upload activities and suspicious network traffic

🔍 How to Verify

Check if Vulnerable:

Check if system version is 20250513 or earlier and test /safeEvent/importFile/ endpoint for unrestricted file upload

Check Version:

# Check H3C SecCenter version via web interface or system console

Verify Fix Applied:

Verify that file upload restrictions are properly enforced and endpoint is secured

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activities to /safeEvent/importFile/
  • Suspicious POST requests with file parameters
  • Unexpected file creations in web directories

Network Indicators:

  • HTTP POST requests to /safeEvent/importFile/ with file uploads
  • Unusual outbound connections from affected system

SIEM Query:

source="web_logs" AND uri="/safeEvent/importFile/" AND (method="POST" OR file_upload="true")
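
The same check run over raw access logs, as an added example that is not part of the advisory or any vendor tooling. It assumes the front-end web server or proxy writes combined-format access logs (the appliance's real log format is not stated here); the function names are hypothetical and the sample lines are constructed. It normalises the request path first so that encoded, padded or parameterised spellings of the endpoint are not missed by an exact string match.

```python
import re
from collections import Counter
from posixpath import normpath
from urllib.parse import unquote

TARGET = "/safeevent/importfile"  # advisory endpoint, in normalised form

# Assumption: combined log format; the appliance's real format may differ.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def normalise_path(target):
    """Canonicalise a request target so variant spellings compare equal."""
    path = re.sub(r"^[a-zA-Z]+://[^/]+", "", target)  # absolute-form target
    path = path.split("?", 1)[0].split("#", 1)[0]      # drop query and fragment
    path = unquote(unquote(path))                      # single and double encoding
    path = "/".join(s.split(";", 1)[0] for s in path.split("/"))  # ;path params
    path = normpath(re.sub(r"/+", "/", path) or "/")   # //, ./, ../, trailing /
    return path.lower()  # deliberately over-matches on case-sensitive servers

def find_import_uploads(lines):
    """Return (hits, per_ip) for POST requests that resolve to the endpoint."""
    hits, per_ip = [], Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if normalise_path(m["target"]) != TARGET:
            continue
        hits.append((m["ts"], m["ip"], m["status"], m["target"]))
        per_ip[m["ip"]] += 1
    return hits, per_ip

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/May/2025:10:01:02 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [14/May/2025:10:02:10 +0000] "POST /safeEvent/importFile/ HTTP/1.1" 200 88 "-" "curl/8.0"',
    '198.51.100.7 - - [14/May/2025:10:02:15 +0000] "POST /safeEvent/./importFile;x=1?t=2 HTTP/1.1" 200 88 "-" "curl/8.0"',
    '203.0.113.5 - - [14/May/2025:10:03:00 +0000] "POST /safeevent/%69mportFile/ HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.10 - - [14/May/2025:10:04:00 +0000] "GET /safeEvent/importFile/ HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    hits, per_ip = find_import_uploads(SAMPLE_LOG)
    for ts, ip, status, target in hits:
        print(ts, ip, status, target)
    print(dict(per_ip))
```

Hits with a 2xx status are the ones to correlate with the "unexpected file creations in web directories" indicator above; blocked (403) hits still show who is probing the path.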
