What is the CVSS score of EUVD-2025-201607?

EUVD-2025-201607 has a CVSS 3.1 base score of 8.8 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.1%.

Which versions of H3C Magic B1 are affected by EUVD-2025-201607?

H3C Magic B1 devices contain a critical remote buffer overflow vulnerability with public exploit code available, affecting organizations using this networking equipment.

Is there a public PoC exploit available for EUVD-2025-201607?

Yes, a public proof-of-concept exploit is available for EUVD-2025-201607. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-201607?

Within 24 hours: Inventory all H3C Magic B1 devices running version 100R004 or earlier and assess network exposure of affected systems. Within 7 days: Implement network segmentation to restrict access to /goform/aspForm endpoint, deploy WAF rules to block malicious payloads targeting the vulnerable parameter, and disable the affected web interface if operationally feasible. Within 30 days: Monitor H3C security advisories for patch availability, evaluate replacement or upgrade options if patches remain unavailable, and conduct vulnerability scanning to identify any successful exploitation attempts.

H3C Magic B1 EUVD-2025-201607

| CVE-2025-14196 HIGH

Buffer Overflow (CWE-119)

2025-12-07 cna@vuldb.com

Buffer Overflow

8.8

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

8.8 HIGH

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 17:50 euvd

EUVD-2025-201607

Analysis Generated

Mar 15, 2026 - 17:50 vuln.today

PoC Detected

Dec 08, 2025 - 18:26 vuln.today

Public exploit code

CVE Published

Dec 07, 2025 - 16:15 nvd

HIGH 8.8

DescriptionCVE.org

A weakness has been identified in H3C Magic B1 up to 100R004. The affected element is the function sub_44de0 of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.

Analysis

Technical ContextAI

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

RemediationAI

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

EUVD-2025-201607 vulnerability details – vuln.today

Back

H3C Magic B1 EUVD-2025-201607

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code