| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2025-0042 | Medium | August 12, 2025 | External submission | N/A |
Overview
Hillstone HSM Multiple Backend Arbitrary File Read Vulnerabilities. These vulnerabilities are due to the system’s failure to limit the path location of the request file, so that attackers with administrator privileges can use the vulnerability to access any file on the server, resulting in the leakage of sensitive information.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| HSM | Versions before 5.6.8.1, Versions before 4.19.12 | Version 5.6.8.1 and Version 4.19.12 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments