CVE-2025-57295 · HIGH 8.0 · EPSS p29.7%


Description

H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin"; both entries are stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.

Scoring

CVSS 3.1: 8.0 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.38% probability of exploitation · percentile 29.7% · 2026-06-18T12:00:27Z
Published: 2025-09-18
Last modified: 2025-10-03

Underlying weaknesses · 2

CWE-521, CWE-1188

References

  1. https://github.com/ZZ2266/.github.io/blob/main/H3C/readme.md
  2. https://www.h3c.com/cn/d_202504/2407151_30005_0.htm


| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Initialization of a Resource with an Insecure Default (cwe-1188) | 0% | live |
| Weakness | Weak Password Requirements (cwe-521) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-57577
  2. CVE-2025-57578
  3. CVE-2025-44635
  4. CVE-2026-35905
  5. CVE-2025-70798
  6. CVE-2025-52549

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.