CVE-2025-14015

HighPublic PoC

Published: 04 December 2025

Published

04 December 2025

Modified

23 December 2025

KEV Added

—

Patch

—

CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0043 62.6th percentile

Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-14015 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in H3C Magic B0 Firmware. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SC-7 (Boundary Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Requires timely remediation of the buffer overflow vulnerability in H3C Magic B0 via patching, mitigations, or replacement since no vendor fix is available.

RA-5 Vulnerability Monitoring and Scanning good match

detect

Scans organizational systems to identify vulnerable H3C Magic B0 devices up to 100R002 affected by CVE-2025-14015 for prioritized action.

SC-7 Boundary Protection good match

prevent

Blocks unauthorized remote network access to the vulnerable /goform/aspForm management endpoint, countering the AV:N exploitation vector.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Buffer overflow in the public-facing web management interface (/goform/aspForm EditWlanMacList) of H3C Magic B0 router enables remote code execution for initial access (T1190) and denial of service through application exploitation (T1499.004).

NVD Description

A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has…

been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Deeper analysisAI

CVE-2025-14015 is a buffer overflow vulnerability affecting H3C Magic B0 devices up to version 100R002. The issue resides in the EditWlanMacList function within the /goform/aspForm file, where manipulation of the "param" argument triggers the overflow. This flaw, linked to CWE-119 and CWE-120, carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote exploitation.

An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation allows high-impact consequences, including unauthorized access to confidential data, modification of system integrity, and disruption of availability, potentially leading to remote code execution on the affected device.

Advisories from VulDB note that the exploit is publicly available on GitHub, and the vendor was contacted early but provided no response or patch. No official mitigation or firmware update is referenced, leaving affected systems reliant on network segmentation, access controls, or device replacement to reduce exposure.

The public disclosure of the exploit code heightens the risk of widespread targeting, particularly for unpatched H3C Magic B0 deployments in enterprise networks.

Details

CWE(s): CWE-119 CWE-120

Affected Products

h3c

magic b0 firmware

≤ 100R002

CVEs Like This One

CVE-2026-3701Same vendor: H3C

CVE-2024-57479Same vendor: H3C

CVE-2024-57480Same vendor: H3C

CVE-2024-57471Same vendor: H3C

CVE-2024-57473Same vendor: H3C

CVE-2024-57482Same vendor: H3C

CVE-2025-12595Shared CWE-119, CWE-120

CVE-2025-11297Shared CWE-119, CWE-120

CVE-2025-12234Shared CWE-119, CWE-120

CVE-2025-12611Shared CWE-119, CWE-120

References

https://github.com/HungryGoogle/log_attack/blob/main/index2/2.md
Exploit, Third Party Advisory · cna@vuldb.com
https://vuldb.com/?ctiid.334256
Permissions Required, VDB Entry · cna@vuldb.com
https://vuldb.com/?id.334256
Third Party Advisory, VDB Entry · cna@vuldb.com
https://vuldb.com/?submit.694755
Third Party Advisory, VDB Entry · cna@vuldb.com
https://github.com/HungryGoogle/log_attack/blob/main/index2/2.md
Exploit, Third Party Advisory · 134c704f-9b21-4f2e-91b3-4a467353bcc0