Unauthorized Access in H3C Devices Due to Insecure Default Credentials
CVE-2025-57295

8HIGH

Key Information:

Vendor: H3C
Status: H3C Devices
Vendor: CVE Published:; 18 September 2025

What is CVE-2025-57295?

H3C devices with NX15V100R015 firmware are exposed to significant security risks due to the use of insecure default credentials. The root user account is configured without a password, while the H3C user account retains the default password 'admin', both of which are stored in the /etc/shadow file. Attackers can exploit these vulnerabilities by gaining network access and using the default credentials to access the administrative interface or other network services. This unauthorized access can lead to privilege escalation, information disclosure, and even arbitrary code execution, compromising the integrity and security of the entire network.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/ZZ2266/.github.io/blob/main/H3C/readme.md

https://www.h3c.com/cn/d_202504/2407151_30005_0.htm

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 18, 2025
Vulnerability Reserved
Aug 17, 2025

JSON

H3C

What is CVE-2025-57295?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.