CVE-2025-23060
Published 2025-02-04
Priority: P3 · 44 · high · 8.1 (CVSS 3.1)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.22% (12.0th percentile)
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| arubanetworks | clearpass_policy_manager | >= 6.11.0 < 6.11.10 | 6.11.10 |
| arubanetworks | clearpass_policy_manager | >= 6.12.0 < 6.12.4 | 6.12.4 |
| hewlett_packard_enterprise | hpe_aruba_networking_clearpass_policy_manager | 6.11.0 – <=6.11.9 | — |
| hewlett_packard_enterprise | hpe_aruba_networking_clearpass_policy_manager | 6.12.0 – <=6.12.3 | — |
| linux | linux_kernel | >= 0 < 4.4.0-279.313 | 4.4.0-279.313 |
| linux | linux_kernel | >= 0 < 4.15.0-248.260 | 4.15.0-248.260 |
CVSS provenance
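| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
| osv | — | 5.5 | MEDIUM | — |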
OSV
linux-gcp, linux-gcp-4.15, linux-gcp-fips vulnerabilities
osv·2026-04-06·CVSS 5.5
CVE-2024-46777 linux-gcp, linux-gcp-4.15, linux-gcp-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Cryptographic API;
- UDF file system;
- NFC subsystem;
- Network traffic control;
(CVE-2024-46777, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060,
CVE-2026-23074)
OSV
linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2026-04-02·CVSS 5.5
CVE-2024-46777 linux, linux-aws, linux-aws-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Cryptographic API;
- UDF file system;
- NFC subsystem;
- Network traffic control;
(CVE-2024-46777, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060,
CVE-2026-23074)
OSV
linux-fips vulnerabilities
osv·2026-04-02·CVSS 5.5
CVE-2021-47142 linux-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- GPU drivers;
- BTRFS file system;
- GFS2 file system;
- UDF file system;
- NFC subsystem;
- Network traffic control;
(CVE-2021-47142, CVE-2021-47145, CVE-2021-47254, CVE-2024-46777,
CVE-2025-21735, CVE-2026-23060, CVE-2026-23074)
OSV
linux-fips, linux-aws-fips vulnerabilities
osv·2026-04-02·CVSS 5.5
CVE-2024-46777 linux-fips, linux-aws-fips vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- Cryptographic API;
- UDF file system;
- NFC subsystem;
- Network traffic control;
(CVE-2024-46777, CVE-2025-21735, CVE-2025-37849, CVE-2026-23060,
CVE-2026-23074)
OSV
linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
osv·2026-04-01·CVSS 5.5
CVE-2021-47142 linux, linux-aws, linux-kvm, linux-lts-xenial vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- GPU drivers;
- BTRFS file system;
- GFS2 file system;
- UDF file system;
- NFC subsystem;
- Network traffic control;
(CVE-2021-47142, CVE-2021-47145, CVE-2021-47254, CVE-2024-46777,
CVE-2025-21735, CVE-2026-23060, CVE-2026-23074)
GHSA
GHSA-h8gw-9qqq-m7gv: A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information
ghsa_unreviewed·2025-02-04
CVE-2025-23060 [MEDIUM] CWE-319 GHSA-h8gw-9qqq-m7gv: A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2025-02-04