CVE-2025-23051Code Injection in Packard Enterprise HPE Aruba Networking AOS

CWE-94Code Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.3%
top 47.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Hewlett Packard Enterprise HPE Aruba Networking AOS
Timeline
PublishedJan 14

Description

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_aos10.4.0.010.4.1.4+2

🔴Vulnerability Details

2
CVEList
Authenticated Remote Code Execution in AOS Web-based Management Interface2025-01-14
GHSA
GHSA-cfxg-rvg8-6h6c: An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems2025-01-14
CVE-2025-23051 — Code Injection | cvebase