CVE-2025-57295
Last modified
CVE-2025-57295 is a high-severity vulnerability rated 8/10 on the CVSS scale. H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| H3c | Magic Nx15 Firmware | nx15v100r015 |
References
- https://github.com/ZZ2266/.github.io/blob/main/H3C/readme.mdExploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-57295?
How severe is CVE-2025-57295?
How do I fix CVE-2025-57295?
Are you affected by CVE-2025-57295?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST