| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2025-0051 | High | October 31, 2025 | External submission | N/A |
Overview
Hillstone Products Activation Logic Vulnerability. The vulnerability is caused by the system’s failure to fully verify the activation code data. Attackers can use this defect to bypass the normal activation mechanism of the device, so as to realize the illegal activation of the device.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| iSource | Versions before R14P3 | R14P3 |
| HSM | Versions before 5.6.9, Versions before 4.19.14 | Version 5.6.9 and Version 4.19.14 |
| HSA | Versions before 2.22.1 | Version 2.22.1 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments