CVE-2025-3546

Severity CVSS v4.0:

HIGH

Type:

CWE-74 Injection

Publication date:

14/04/2025

Last modified:

13/02/2026

Description

A vulnerability was found in H3C Magic NX15, Magic NX30 Pro, Magic NX400, Magic R3010 and Magic BE18000 up to V100R014. It has been declared as critical. Affected by this vulnerability is the function FCGI_CheckStringIfContainsSemicolon of the file /api/wizard/getLanguage of the component HTTP POST Request Handler. The manipulation leads to command injection. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.

Impact

Vector 4.0

CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS v4.0 Severity and Metrics:

Base Score: 8.60 HIGH
Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Attack Requirements (AT): None
Privileges Required (PR): Low
User Interaction (UI): None
Confidentiality (VC): High
Integrity (VI): High
Availability (VA): High
Confidentiality (SC): None
Integrity (SI): None
Availability (SA): None

Base Score 4.0

8.60

Severity 4.0

HIGH

Vector 3.x

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS v3.1 Severity and Metrics:

Base Score: 8.00 HIGH
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High

Base Score 3.x

8.00

Severity 3.x

HIGH

Vector 2.0

AV:A/AC:L/Au:S/C:C/I:C/A:C CVSS v2.0 Severity and Metrics:

Base Score: 7.70 HIGH
Vector: AV:A/AC:L/Au:S/C:C/I:C/A:C

Attack Vector (AV): Adjacent
Attack Complexity (AC): Low
Authentication (Au): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete

Base Score 2.0

7.70

Severity 2.0

HIGH

Vulnerable products and versions

CPE	From	Up to
cpe:2.3:o:h3c:magic_nx15_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_nx15:-:::::::*
cpe:2.3:o:h3c:magic_nx30_pro_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_nx30_pro:-:::::::*
cpe:2.3:o:h3c:magic_nx400_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_nx400:-:::::::*
cpe:2.3:o:h3c:magic_r3010_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_r3010:-:::::::*
cpe:2.3:o:h3c:magic_be18000_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_be18000:-:::::::*

To consult the complete list of CPE names with products and versions, see this page

CPE	From	Up to
cpe:2.3:o:h3c:magic_nx15_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_nx15:-:::::::*
cpe:2.3:o:h3c:magic_nx30_pro_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_nx30_pro:-:::::::*
cpe:2.3:o:h3c:magic_nx400_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_nx400:-:::::::*
cpe:2.3:o:h3c:magic_r3010_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_r3010:-:::::::*
cpe:2.3:o:h3c:magic_be18000_firmware::::::::		100r014 (including)
cpe:2.3:h:h3c:magic_be18000:-:::::::*

CVE-2025-3546

Description

Impact

Vulnerable products and versions

References to Advisories, Solutions, and Tools