CVE-2025-5161: Path Traversal in H3C SecCenter SMP-E1114P02
A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
AI Analysis
Technical Summary
CVE-2025-5161 is a path traversal vulnerability identified in the H3C SecCenter SMP-E1114P02 product, specifically affecting versions up to 20250513. The vulnerability resides in the function operationDailyOut within the /safeEvent/download endpoint. An attacker can manipulate the 'filename' parameter to traverse directories on the server, potentially accessing files outside the intended directory scope. This vulnerability can be exploited remotely without requiring user interaction or authentication, increasing its risk profile. The CVSS 4.0 base score is 5.3 (medium severity), reflecting that the attack vector is network-based with low attack complexity and no privileges or user interaction needed. The impact on confidentiality is low, as the vulnerability allows limited file access, but it does not directly affect integrity or availability. The vendor was notified but has not responded or provided a patch, and while no known exploits are currently in the wild, the exploit details have been publicly disclosed, increasing the likelihood of exploitation attempts. This vulnerability is significant because path traversal can lead to unauthorized disclosure of sensitive files, potentially exposing configuration files, credentials, or logs that could facilitate further attacks or data breaches.
Potential Impact
For European organizations using H3C SecCenter SMP-E1114P02, this vulnerability poses a risk of unauthorized information disclosure. Sensitive internal files could be accessed by remote attackers, potentially exposing security configurations, user data, or system credentials. This could lead to further compromise, including privilege escalation or lateral movement within the network. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and critical infrastructure, may face compliance risks and reputational damage if sensitive data is exposed. Although the vulnerability does not directly impact system integrity or availability, the confidentiality breach alone can have serious consequences, especially if attackers leverage the disclosed information for subsequent attacks. The lack of vendor response and patch availability increases the urgency for organizations to implement compensating controls to mitigate risk.
Mitigation Recommendations
Since no official patch is available, European organizations should implement the following specific mitigations:
1) Restrict access to the /safeEvent/download endpoint using network-level controls such as firewalls or web application firewalls (WAFs) to limit exposure to trusted IP addresses only.
2) Employ input validation and filtering at the proxy or WAF level to detect and block path traversal patterns in the 'filename' parameter (e.g., sequences like '../').
3) Monitor and log all access attempts to the vulnerable endpoint to detect suspicious activity indicative of exploitation attempts.
4) Conduct an internal audit of the files accessible via this endpoint to identify and remove or secure sensitive files that should not be exposed.
5) Consider isolating or segmenting the affected system within the network to reduce the blast radius in case of compromise.
6) Engage with H3C support channels persistently for updates or patches and subscribe to vulnerability advisories for timely information.
7) As a longer-term measure, evaluate alternative security event management solutions with better security track records if patching is delayed indefinitely.
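For the filtering and monitoring mitigations above, the following added example (not code from H3C or from this advisory) scans reverse-proxy access logs for requests to /safeEvent/download whose 'filename' value would resolve outside the download directory once fully decoded. It assumes the parameter arrives in the query string and that the proxy writes combined-format logs; the log lines and file names are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

ENDPOINT = "/safeEvent/download"  # endpoint named in the advisory
PARAM = "filename"                # argument named in the advisory
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so multiply encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(filename):
    """True if the decoded value could leave the download directory."""
    name = fully_decode(filename).replace("\\", "/")
    if "\x00" in name or name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return True
    return ".." in name.split("/")  # whole path segments only, not "a..b"

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_filename) for each flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if fully_decode(url.path).rstrip("/") != ENDPOINT:
            continue
        # Assumption: filename is a query-string parameter (parse_qs decodes once).
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            decoded = fully_decode(value)
            if is_traversal(decoded):
                hits.append((line.split()[0], decoded))
    return hits

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [26/May/2025:00:41:02 +0000] "GET /safeEvent/download?filename=daily_2025-05-25.xls HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/May/2025:00:41:09 +0000] "GET /safeEvent/download?filename=../../conf/app.properties HTTP/1.1" 200 312',
    '203.0.113.9 - - [26/May/2025:00:41:11 +0000] "GET /safeEvent/download?filename=%252e%252e%252fconf%252fapp.properties HTTP/1.1" 200 312',
    '198.51.100.7 - - [26/May/2025:00:42:30 +0000] "GET /index.html?filename=../x HTTP/1.1" 404 0',
    '198.51.100.7 - - [26/May/2025:00:43:00 +0000] "GET /safeEvent/download?filename=report..xls HTTP/1.1" 200 2048',
]
```

The same is_traversal check can back a blocking rule at the proxy; a 200 response on a flagged line is the case to escalate, since it suggests a file was actually served.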
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-05-25T06:48:44.486Z
- CISA Enriched: false
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 6833b8270acd01a249283283
Added to database: 5/26/2025, 12:39:03 AM
Last enriched: 7/9/2025, 1:40:04 PM
Last updated: 8/11/2025, 12:41:46 PM