| Advisory ID | Severity | Release Date | Reported By | CVE ID |
| HSVD-2025-0064 | Medium | April 17, 2026 | Internal disclosure | N/A |
Overview
Hillstone Products License Logic Bypass Vulnerability. The vulnerability is due to the failure of the system to fully verify the authorization data. The attacker can use this defect to bypass the normal authorization mechanism of the device, thus realizing the illegal authorization of the device.
Affected Products & Fix Versions
| PRODUCT | AFFECTED VERSIONS | FIX VERSION |
|---|---|---|
| iSource | Versions before R15 | R15 |
| HSM | Versions below HSM4.1916, versions below HSM5.6.11.2 | HSM5.6.11.2 and HSM4.19.16 |
| HSA | Versions below HSA2.22.6 | HSA2.22.6 |
Remediation & Mitigation
- Repair by upgrading the version.
Contact & Reporting
For technical support and detailed remediation guidance, contact Hillstone Networks support at +1-800-930-6707.
To report security issues in Hillstone products, email PSIRT@hillstonenet.com. Hillstone follows responsible disclosure principles and applicable regulations when handling product security incidents.
Legal notice — Without written authorization from Hillstone Networks, no organization or individual may modify, excerpt, or disseminate the content of this advisory for commercial purposes.
Recent Comments