CVE-2025-57295

Name of the Vulnerable Software and Affected Versions H3C devices versions NX15V100R015

Description H3C devices are susceptible to unauthorized access due to insecure default credentials. The root user account lacks a password, and the H3C user account utilizes the default password “admin”, both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution.

Recommendations Change the default password for the H3C user account. Set a strong password for the root user account.