CVE-2025-14015

HighPublic PoC

Published: 04 December 2025

Published

04 December 2025

Modified

23 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0028 51.1th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has…

been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the buffer overflow vulnerability in H3C Magic B0 via patching, mitigations, or replacement since no vendor fix is available.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Scans organizational systems to identify vulnerable H3C Magic B0 devices up to 100R002 affected by CVE-2025-14015 for prioritized action.

SC-7 Boundary Protection good match

prevent

Blocks unauthorized remote network access to the vulnerable /goform/aspForm management endpoint, countering the AV:N exploitation vector.

Security SummaryAI

CVE-2025-14015 is a buffer overflow vulnerability affecting H3C Magic B0 devices up to version 100R002. The issue resides in the EditWlanMacList function within the /goform/aspForm file, where manipulation of the "param" argument triggers the overflow. This flaw, linked to CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.

An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to remote code execution on the affected device.

Advisories from VulDB note that the exploit is publicly available on GitHub, and the vendor was contacted early but provided no response or patch. No official mitigation or firmware update is referenced, leaving affected systems reliant on network segmentation, access controls, or device replacement to reduce exposure.

The public disclosure of the exploit code heightens the risk of widespread targeting, particularly for unpatched H3C Magic B0 deployments in enterprise networks.

Details

CWE(s): CWE-119 CWE-120

Affected Products

h3c

magic b0 firmware

≤ 100R002

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Buffer overflow in the public-facing web management interface (/goform/aspForm EditWlanMacList) of H3C Magic B0 router enables remote code execution for initial access (T1190) and denial of service through application exploitation (T1499.004).

References

https://github.com/HungryGoogle/log_attack/blob/main/index2/2.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.334256
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.334256
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.694755
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/HungryGoogle/log_attack/blob/main/index2/2.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0