| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2025-0041 | Medium | July 03, 2025 | External submission | N/A |
Overview
Hillstone HSM offline Interface XXE Vulnerability. The vulnerability is that the system does not strictly filter the XML data incoming from users, resulting in the attackers being able to load external files, detect intranet ports, attack intranet websites, initiate denial-of-service attacks (DoS), etc. through maliciously constructed XML data.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| HSM | Versions before V4.19.11 | V4.19.11 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments