CVE-2025-57295
HIGHDescription
H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.
Is your site exposed to CVE-2025-57295?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| h3c | magic_nx15_firmware |
| h3c | magic_nx15 |
References
Frequently Asked Questions
What is CVE-2025-57295? +
How severe is CVE-2025-57295? +
What products are affected by CVE-2025-57295? +
How do I check if I'm vulnerable to CVE-2025-57295? +
Related Vulnerabilities
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. Versions prior to 16.0.96 and 17.0.1 through …
KTM System e-BOK enforces a maximum password length of six numeric digits and does not permit the use of any …
Hikvision Streaming Media Management Server v2.3.5 uses default credentials that allow remote attackers to authenticate and access restricted functionality. After …
No password for the root user is set in Novakon P series. This allows phyiscal attackers to enter the console …
Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force …
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac …