Remote Command Execution Vulnerability in H3C Routers and Access Points
CVE-2025-63258

6.5 MEDIUM

What is CVE-2025-63258?

A remote command execution vulnerability affects various H3C ERG3 and ERG5 series routers, as well as XiaoBei routers and wireless access points. An attacker can exploit the flaw by injecting crafted commands into the sessionid parameter, potentially leading to unauthorized access and full control over affected devices. Users are encouraged to apply patches and update their systems to mitigate risks.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved