CVE-2025-14196
Published: 07 December 2025
Summary
CVE-2025-14196 is a high-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 44.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Enforces validation of the 'param' argument in /goform/aspForm to directly prevent buffer overflow from improper input handling.
Implements memory protections such as ASLR and DEP to comprehensively mitigate exploitation of the buffer overflow vulnerability.
Mandates identification, reporting, and remediation of the specific buffer overflow flaw in sub_44de0 to eliminate the vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Buffer overflow in public web form (/goform/aspForm) directly enables remote exploitation of a network device for RCE.
NVD Description
A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The…
more
exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
Deeper analysisAI
CVE-2025-14196 is a buffer overflow vulnerability affecting H3C Magic B1 devices up to version 100R004. The issue resides in the sub_44de0 function within the /goform/aspForm file, where manipulation of the "param" argument triggers the overflow. This flaw, linked to CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-120 (Buffer Copy without Checking Size of Input), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity.
Remote attackers with low privileges can exploit this vulnerability over the network with low complexity and no user interaction required. Successful exploitation enables high-impact consequences, including unauthorized access to sensitive data (C:H), modification of system integrity (I:H), and disruption of availability (A:H), potentially leading to remote code execution on the affected device.
References, including GitHub repositories and VulDB entries, document a publicly available proof-of-concept exploit but provide no details on vendor patches or official advisories. The vendor was notified early but has not responded.
Notable context includes the public availability of the exploit, increasing the risk of active exploitation against unpatched H3C Magic B1 devices.
Details
- CWE(s)