Description
A vulnerability was found in H3C SecCenter SMP-E1114P02 up to 20250513. It has been classified as critical. This affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2025-5157, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2025-5157 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.
References:
- http://webappsec.pbworks.com/Path-Traversal
- https://capec.mitre.org/data/definitions/126.html
- https://capec.mitre.org/data/definitions/64.html
- https://capec.mitre.org/data/definitions/76.html
- https://capec.mitre.org/data/definitions/78.html
- https://capec.mitre.org/data/definitions/79.html
- https://nvd.nist.gov/vuln/detail/CVE-2025-5157