Security Advisories

Hillstone Network Security Advisories

Hillstone Networks Product Security Incident Response Team (PSIRT) is responsible for receiving, assessing, and publicly disclosing security vulnerabilities affecting Hillstone products and services. As the company's official vulnerability disclosure channel, Hillstone Networks PSIRT is dedicated to protecting customers and partners through responsible disclosure practices and by ensuring compliance with applicable laws and regulations in the management and remediation of product security issues.

Hillstone HSM offline Interface XXE Vulnerability

Advisory ID: HSVD-2025-0041
Severity: Medium
Release Date: July 03, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSM offline Interface XXE Vulnerability. The vulnerability is that the system does not strictly filter the XML data incoming from users,...

Hillstone HSM write-sn Interface XXE Vulnerability

Advisory ID: HSVD-2025-0040
Severity: Medium
Release Date: July 03, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSM write-sn Interface XXE Vulnerability. The vulnerability is that the system does not strictly filter the XML data incoming from users,...

Hillstone HSA Arbitrary File Read Vulnerability

Advisory ID: HSVD-2025-0014
Severity: Medium
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSA Arbitrary File Read Vulnerability. The vulnerability is due to the fact that the system does not limit the path location of the requested...

Hillstone HSA Command Injection Vulnerability

Advisory ID: HSVD-2025-0028
Severity: High
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSA Command Injection Vulnerability. This vulnerability is due to the fact that the system does not effectively filter the user's input and...

Hillstone HSA Command Injection Vulnerability

Advisory ID: HSVD-2025-0025
Severity: High
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSA Command Injection Vulnerability. This vulnerability is due to the fact that the system does not effectively filter the user's input and...

Hillstone HSA Multiple Command Injection Vulnerabilities

Advisory ID: HSVD-2025-0015
Severity: High
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSA Multiple Command Injection Vulnerabilities. These vulnerabilities are caused by the fact that the system does not effectively filter the...

Hillstone HSA Stored Cross-Site Scripting (Stored XSS) Vulnerability

Advisory ID: HSVD-2025-0026
Severity: Low
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone HSA Stored Cross-Site Scripting (Stored XSS) Vulnerability. Unauthorized attackers can attack users through persistent malicious scripts, which can...

Hillstone Products Command Injection Vulnerability

Advisory ID: HSVD-2025-0012
Severity: High
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone Products Command Injection Vulnerability. This vulnerability is due to the fact that the system does not effectively filter the user's input and...

Hillstone LMS Arbitrary File Read Vulnerability

Advisory ID: HSVD-2025-0013
Severity: Medium
Release Date: April 29, 2025
Reported By: External submission
CVE ID: N/A

Overview: An SSRF vulnerability Hillstone LMS Arbitrary File Read Vulnerability. Due to the insufficient verification of user input by LMS, attackers with login...

Hillstone StoneOS Absolute Path Disclosure Vulnerability

Advisory ID: HSVD-2024-0026
Severity: Low
Release Date: February 17, 2025
Reported By: External submission
CVE ID: N/A

Overview: Hillstone StoneOS Absolute Path Disclosure Vulnerability. Malicious attackers can obtain the absolute path information of the server by sending special...
