Search criteria
2 vulnerabilities found for Hillstone Next Generation FireWall by Hillstone Networks
CVE-2025-2239 (GCVE-0-2025-2239)
Vulnerability from nvd – Published: 2025-03-12 09:53 – Updated: 2025-03-12 14:18
VLAI?
Title
Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
Summary
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hillstone Networks | Hillstone Next Generation FireWall |
Affected:
5.5R8P1 , < 5.5R8P23
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:14:22.419551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:18:30.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"StoneOS"
],
"product": "Hillstone Next Generation FireWall",
"vendor": "Hillstone Networks",
"versions": [
{
"lessThan": "5.5R8P23",
"status": "affected",
"version": "5.5R8P1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23."
}
],
"value": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T09:56:14.295Z",
"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"shortName": "Hillstone"
},
"references": [
{
"url": "https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the NGWF device to version 5.5R8P23 or higher."
}
],
"value": "Upgrade the NGWF device to version 5.5R8P23 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy.\n\n\n\n\u003cbr\u003e"
}
],
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"assignerShortName": "Hillstone",
"cveId": "CVE-2025-2239",
"datePublished": "2025-03-12T09:53:35.677Z",
"dateReserved": "2025-03-12T02:07:06.724Z",
"dateUpdated": "2025-03-12T14:18:30.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-2239 (GCVE-0-2025-2239)
Vulnerability from cvelistv5 – Published: 2025-03-12 09:53 – Updated: 2025-03-12 14:18
VLAI?
Title
Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
Summary
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.
Severity ?
5.3 (Medium)
CWE
- CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hillstone Networks | Hillstone Next Generation FireWall |
Affected:
5.5R8P1 , < 5.5R8P23
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-2239",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-12T14:14:22.419551Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T14:18:30.762Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"StoneOS"
],
"product": "Hillstone Next Generation FireWall",
"vendor": "Hillstone Networks",
"versions": [
{
"lessThan": "5.5R8P23",
"status": "affected",
"version": "5.5R8P1",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23."
}
],
"value": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-209",
"description": "CWE-209 Generation of Error Message Containing Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-12T09:56:14.295Z",
"orgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"shortName": "Hillstone"
},
"references": [
{
"url": "https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Upgrade the NGWF device to version 5.5R8P23 or higher."
}
],
"value": "Upgrade the NGWF device to version 5.5R8P23 or higher."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy.\n\n\n\n\u003cbr\u003e"
}
],
"value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
"assignerShortName": "Hillstone",
"cveId": "CVE-2025-2239",
"datePublished": "2025-03-12T09:53:35.677Z",
"dateReserved": "2025-03-12T02:07:06.724Z",
"dateUpdated": "2025-03-12T14:18:30.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}