{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6091", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-14T23:04:02.006Z", "datePublished": "2025-06-15T16:31:05.392Z", "dateUpdated": "2025-06-16T16:33:57.505Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-15T16:31:05.392Z"}, "title": "H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-120", "lang": "en", "description": "Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "H3C", "product": "GR-3000AX", "versions": [{"version": "V100R007L50", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in H3C GR-3000AX V100R007L50 ausgemacht. Dabei betrifft es die Funktion UpdateWanParamsMulti/UpdateIpv6Params der Datei /routing/goform/aspForm. Durch Manipulation des Arguments param mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P", "baseSeverity": "HIGH"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C"}}], "timeline": [{"time": "2025-06-14T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-15T01:09:23.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "CH13hh (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.312558", "name": "VDB-312558 | H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312558", "name": "VDB-312558 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.588000", "name": "Submit #588000 | H3C H3C GR-3000AX V100R007L50 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CH13hh/cve/blob/main/new/6.md", "tags": ["broken-link", "exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T16:33:48.763236Z", "id": "CVE-2025-6091", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T16:33:57.505Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow", "credits": [{"lang": "en", "type": "reporter", "value": "CH13hh (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 8.7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 9, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:U/RC:C"}}], "affected": [{"vendor": "H3C", "product": "GR-3000AX", "versions": [{"status": "affected", "version": "V100R007L50"}]}], "timeline": [{"lang": "en", "time": "2025-06-14T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-15T01:09:23.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.312558", "name": "VDB-312558 | H3C GR-3000AX aspForm UpdateIpv6Params buffer overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312558", "name": "VDB-312558 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.588000", "name": "Submit #588000 | H3C H3C GR-3000AX V100R007L50 Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/CH13hh/cve/blob/main/new/6.md", "tags": ["broken-link", "exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in H3C GR-3000AX V100R007L50 ausgemacht. Dabei betrifft es die Funktion UpdateWanParamsMulti/UpdateIpv6Params der Datei /routing/goform/aspForm. Durch Manipulation des Arguments param mit unbekannten Daten kann eine buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-120", "description": "Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-15T16:31:05.392Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6091", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-06-16T16:33:48.763236Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-06-16T16:33:54.388Z"}}]}, "cveMetadata": {"cveId": "CVE-2025-6091", "state": "PUBLISHED", "dateUpdated": "2025-06-15T16:31:05.392Z", "dateReserved": "2025-06-14T23:04:02.006Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-15T16:31:05.392Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en H3C GR-3000AX V100R007L50. Se ha clasificado como cr\u00edtica. La funci\u00f3n UpdateWanParamsMulti/UpdateIpv6Params del archivo /routing/goform/aspForm est\u00e1 afectada. La manipulaci\u00f3n del argumento param provoca un desbordamiento del b\u00fafer. Es posible ejecutar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El proveedor confirma la existencia de este problema. Dado que eval\u00faa el riesgo como bajo, no tiene planes inmediatos de remediaci\u00f3n."}], "id": "CVE-2025-6091", "lastModified": "2025-06-16T12:32:18.840", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-15T17:15:18.360", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/CH13hh/cve/blob/main/new/6.md"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.312558"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.312558"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.588000"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-120"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}