Buffer Overflow Vulnerability in H3C GR-5400AX Router
CVE-2025-6090

8.7HIGH

Key Information:

Vendor: H3c
Status: Gr-5400ax
Vendor: CVE Published:; 15 June 2025

What is CVE-2025-6090?

A vulnerability exists in the H3C GR-5400AX V100R009L50 router, specifically in the UpdateWanparamsMulti and UpdateIpv6params functions within the /routing/goform/aspForm file. This flaw allows attackers to manipulate arguments, resulting in a buffer overflow. The vulnerability can be exploited remotely, raising concerns for users and administrators. While details of the exploit have been publicly disclosed, the vendor considers the risk level low and has no immediate plans for a patch.

Affected Version(s)

GR-5400AX V100R009L50

References

https://vuldb.com/?id.312557

vdb-entrytechnical-description

https://vuldb.com/?ctiid.312557

signaturepermissions-required

https://vuldb.com/?submit.587999

third-party-advisory

CVSS V4

Score:

8.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 15, 2025
Vulnerability Reserved
Jun 14, 2025

Credit

CH13hh (VulDB User)

H3c

What is CVE-2025-6090?

Affected Version(s)

References

CVSS V4

Timeline

Credit