CVE-2025-2239 (GCVE-0-2025-2239)

Vulnerability from cvelistv5 – Published: 2025-03-12 09:53 – Updated: 2025-03-12 14:18
VLAI?
Title
Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall
Summary
Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
  • CWE-209 - Generation of Error Message Containing Sensitive Information
Assigner
References
Impacted products
Vendor Product Version
Hillstone Networks Hillstone Next Generation FireWall Affected: 5.5R8P1 , < 5.5R8P23 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-2239",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-12T14:14:22.419551Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-12T14:18:30.762Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "StoneOS"
          ],
          "product": "Hillstone Next Generation FireWall",
          "vendor": "Hillstone Networks",
          "versions": [
            {
              "lessThan": "5.5R8P23",
              "status": "affected",
              "version": "5.5R8P1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23."
            }
          ],
          "value": "Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-116",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-116 Excavation"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209 Generation of Error Message Containing Sensitive Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-03-12T09:56:14.295Z",
        "orgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
        "shortName": "Hillstone"
      },
      "references": [
        {
          "url": "https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Upgrade the NGWF device to version 5.5R8P23 or higher."
            }
          ],
          "value": "Upgrade the NGWF device to version 5.5R8P23 or higher."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy.\n\n\n\n\u003cbr\u003e"
            }
          ],
          "value": "If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \"Trusted Host Access\" policy."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2b565742-f273-46f9-b583-07c1fcdea31a",
    "assignerShortName": "Hillstone",
    "cveId": "CVE-2025-2239",
    "datePublished": "2025-03-12T09:53:35.677Z",
    "dateReserved": "2025-03-12T02:07:06.724Z",
    "dateUpdated": "2025-03-12T14:18:30.762Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-2239\",\"sourceIdentifier\":\"sec@hillstonenet.com\",\"published\":\"2025-03-12T10:15:19.940\",\"lastModified\":\"2025-03-12T10:15:19.940\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de generaci\u00f3n de mensaje de error que contiene informaci\u00f3n confidencial en Hillstone Next Generation FireWall de Hillstone Networks. Este problema afecta a Hillstone Next Generation FireWall: desde 5.5R8P1 hasta 5.5R8P23.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"sec@hillstonenet.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"sec@hillstonenet.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-209\"}]}],\"references\":[{\"url\":\"https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd/\",\"source\":\"sec@hillstonenet.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-2239\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-12T14:14:22.419551Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-12T14:18:23.844Z\"}}], \"cna\": {\"title\": \"Absolute Path Disclosure Vulnerability in Hillstone Next Generation FireWall\", \"source\": {\"discovery\": \"EXTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-116\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-116 Excavation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hillstone Networks\", \"product\": \"Hillstone Next Generation FireWall\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.5R8P1\", \"lessThan\": \"5.5R8P23\", \"versionType\": \"custom\"}], \"platforms\": [\"StoneOS\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade the NGWF device to version 5.5R8P23 or higher.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Upgrade the NGWF device to version 5.5R8P23 or higher.\", \"base64\": false}]}], \"references\": [{\"url\": \"https://www.hillstonenet.com.cn/security-notification/2025/02/17/stoneosjd/\"}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \\\"Trusted Host Access\\\" policy.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"If an upgrade is not feasible in the short term, we advise mitigating the risk by configuring a \\\"Trusted Host Access\\\" policy.\\n\\n\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"Generation of Error Message Containing Sensitive Information vulnerability in Hillstone Networks Hillstone Next Generation FireWall.This issue affects Hillstone Next Generation FireWall: from 5.5R8P1 before 5.5R8P23.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-209\", \"description\": \"CWE-209 Generation of Error Message Containing Sensitive Information\"}]}], \"providerMetadata\": {\"orgId\": \"2b565742-f273-46f9-b583-07c1fcdea31a\", \"shortName\": \"Hillstone\", \"dateUpdated\": \"2025-03-12T09:56:14.295Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-2239\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-12T14:18:30.762Z\", \"dateReserved\": \"2025-03-12T02:07:06.724Z\", \"assignerOrgId\": \"2b565742-f273-46f9-b583-07c1fcdea31a\", \"datePublished\": \"2025-03-12T09:53:35.677Z\", \"assignerShortName\": \"Hillstone\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.