CVE-2025-2728
Published: 25 March 2025
Summary
CVE-2025-2728 is a high-severity Injection (CWE-74) vulnerability in H3C Magic NX30 (inferred from references). Its CVSS base score is 8.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Network Device CLI (T1059.008); ranked in the top 43.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2025-2728 is a critical command injection vulnerability (classified under CWE-74 and CWE-77) in H3C Magic NX30 Pro and Magic NX400 routers up to version V100R014. The issue resides in unknown code within the /api/wizard/getNetworkConf file, where manipulation enables command injection. Published on 2025-03-25, it carries a CVSS v3.1 base score of 8.0 (AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Exploitation requires an attacker to be within the local network (adjacent access), with low attack complexity and low privileges such as a valid user account. No user interaction is needed, and successful command injection can lead to high impacts on confidentiality, integrity, and availability, potentially allowing full compromise of the affected device.
Advisories, including those from VulDB and the H3C software download portal, recommend upgrading the affected component to mitigate the vulnerability. Additional details are available in referenced sources such as the GitHub repository at https://github.com/RK1Y8/cve_cve/blob/main/h3c.md and VulDB entries.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-8048
Vulnerability details
A vulnerability has been found in H3C Magic NX30 Pro and Magic NX400 up to V100R014 and classified as critical. This vulnerability affects unknown code of the file /api/wizard/getNetworkConf. The manipulation leads to command injection. The attack needs to be…
more
approached within the local network. It is recommended to upgrade the affected component.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The command injection vulnerability (CWE-74/77) in the router's web API directly enables arbitrary OS command execution on the network device, mapping to abuse of built-in network device CLIs for command execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through vendor-recommended upgrades directly eliminates the command injection vulnerability in the affected H3C router firmware.
Information input validation directly prevents command injection by checking and sanitizing untrusted inputs to the vulnerable /api/wizard/getNetworkConf endpoint.
Least privilege limits the scope and impact of injected commands by ensuring the vulnerable API process operates with only necessary privileges.