CVE-2025-8907

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: H3C M2 NAS version V100R006

Description: A vulnerability exists in the Webserver Configuration component of H3C M2 NAS version V100R006. The vulnerability allows for execution with unnecessary privileges through manipulation. An attack must be initiated locally and is considered complex and difficult to exploit. The vendor states that the device lacks boa functionality and prevents anonymous file access. This vulnerability affects products no longer supported by the maintainer.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-250

Related Identifiers

CVE-2025-8907

Affected Products

H3C M2 Nas

CVE-2025-8907

Weakness Enumeration

Related Identifiers

Affected Products

References · 8