CVE Alert: CVE-2025-10942 – H3C – Magic B3

CVE-2025-10942

HIGH | No exploitation known | PoC observed

A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS v3.1: 8.8
Vendor: H3C
Product: Magic B3
Versions: 100R002
CWE: CWE-120, Buffer Overflow
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R
Published: 2025-09-25T11:02:08.595Z
Updated: 2025-09-25T13:15:40.027Z

AI Summary Analysis

Risk verdict

High risk; remote code execution is plausible with a publicly available PoC, and no user interaction is required. KEV/SSVC exploitation flags are not explicitly stated in the data, and EPSS is not provided, so treat as high urgency but not automatically Priority 1 without additional EPSS/KEV confirmation.

Why this matters

Exposed at the network edge, the vulnerability affects a device likely used for routing or edge services; successful exploitation could compromise integrity and availability and enable attacker footholds into internal networks. The high impact (memory corruption leading to total impact) raises the potential for persistent control or disruption of services.

Most likely attack path

An attacker probes the device over the network and issues crafted requests to /goform/aspForm with a manipulated param argument. The overflow causes memory corruption, potentially enabling remote code execution with low-privilege access and no user interaction, allowing lateral movement within the device or towards adjacent hosts if reachable.

Who is most exposed

Organisations deploying H3C Magic B3 devices with management interfaces exposed to the Internet or poorly segmented networks are most at risk. Edge/branch routers and WAN aggregation devices are common deployment targets.

Detection ideas

  • Unusual spikes or crashes tied to /goform/aspForm requests; memory/heap corruption events in device logs.
  • Repeated, crafted requests with abnormal param lengths from external IPs.
  • Core dumps or abnormal reboot events following specific payload patterns (fingerprints from public PoC).
  • IOCs and CTI indicators tied to VDB-325812 payloads.
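
The second detection idea above, sketched as an added example (not code from the advisory or the vendor): it scans request logs for calls to /goform/aspForm that name AddMacList and carry an oversized param value. The JSON log schema, the "CMD" field name in the sample records, and the 128-byte threshold are assumptions; adapt them to your own proxy or IDS output.

```python
import json
from urllib.parse import parse_qsl, urlsplit

TARGET_PATH = "/goform/aspForm"  # endpoint named in the advisory
TARGET_FUNC = "AddMacList"       # function named in the advisory
MAX_PARAM_LEN = 128              # assumed threshold; tune to your own baseline

def oversized_param_requests(log_lines, max_len=MAX_PARAM_LEN):
    """Return (src, param_bytes) for AddMacList requests whose param is too long."""
    hits = []
    for line in log_lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed record, skip
        if not isinstance(rec, dict):
            continue
        url = urlsplit(str(rec.get("path", "")))
        if url.path != TARGET_PATH:
            continue
        # Fields may sit in the query string or the form body; parse both.
        fields = parse_qsl(url.query + "&" + str(rec.get("body", "")),
                           keep_blank_values=True)
        # Match the function name by value so no field name is assumed.
        if not any(value == TARGET_FUNC for _, value in fields):
            continue
        for name, value in fields:
            size = len(value.encode("utf-8"))
            if name == "param" and size > max_len:
                hits.append((rec.get("src", "unknown"), size))
    return hits

# Constructed sample records (hypothetical log schema; "CMD" is an assumed field name).
SAMPLE_LOG = [
    json.dumps({"src": "203.0.113.7", "method": "POST", "path": TARGET_PATH,
                "body": "CMD=AddMacList&param=" + "A" * 600}),
    json.dumps({"src": "192.0.2.10", "method": "POST", "path": TARGET_PATH,
                "body": "CMD=AddMacList&param=00:11:22:33:44:55"}),
    json.dumps({"src": "192.0.2.10", "method": "GET", "path": "/index.asp",
                "body": ""}),
    "not json",
]

if __name__ == "__main__":
    for src, size in oversized_param_requests(SAMPLE_LOG):
        print(f"ALERT src={src} param_bytes={size} path={TARGET_PATH}")
```

Correlating these hits with device reboots or crashes shortly afterwards covers the first and third detection ideas as well.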

Mitigation and prioritisation

  • Apply a fixed version beyond 100R002; prioritise patching due to high impact and remote exploitation.
  • Restrict access to the affected interface (limit to trusted networks; disable Internet exposure if feasible).
  • Implement input validation/length checks on AddMacList param; tighten firewall/WAF rules to block suspicious payloads.
  • Schedule patch testing in a staging environment; plan a rapid out-of-band update if changes are disruptive. If KEV or EPSS evidence emerges, elevate to Priority 1.
