CVE-2025-23059 — Path Traversal in Clearpass Policy Manager

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

CNA6.8

EPSS

0.2%

top 63.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Clearpass Policy Manager Hewlett Packard Enterprise HPE Aruba Networking Clearpass Policy Manager

Timeline

PublishedFeb 4

Description

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_clearpass_policy_manager6.12.0 — <=6.12.3+1

▶NVDarubanetworks/clearpass_policy_manager6.11.0 — 6.11.10+1

🔴Vulnerability Details

GHSA

GHSA-95p6-mvh4-q6jg: A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive inform↗2025-02-04

▶

CVEList

Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager↗2025-02-04

▶