CVE-2025-23060 — Cleartext Transmission of Sensitive Info in Clearpass Policy Manager

CWE-319 — Cleartext Transmission of Sensitive Info8 documents4 sources

Severity

8.1HIGHNVD

CNA6.6

EPSS

0.1%

top 73.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Clearpass Policy Manager Hewlett Packard Enterprise HPE Aruba Networking Clearpass Policy Manager

Timeline

PublishedFeb 4

Latest updateApr 6

Description

A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.2 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_clearpass_policy_manager6.12.0 — <=6.12.3+1

▶NVDarubanetworks/clearpass_policy_manager6.11.0 — 6.11.10+1

🔴Vulnerability Details

OSV

linux-gcp, linux-gcp-4.15, linux-gcp-fips vulnerabilities↗2026-04-06

▶

OSV

linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle vulnerabilities↗2026-04-02

▶

OSV

linux-fips vulnerabilities↗2026-04-02

▶

OSV

linux-fips, linux-aws-fips vulnerabilities↗2026-04-02

▶

OSV

linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities↗2026-04-01

▶