CVE-2025-25039OS Command Injection in Clearpass Policy Manager

CWE-78OS Command Injection3 documents3 sources
Severity
8.8HIGHNVD
CNA4.7
EPSS
0.2%
top 57.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks Clearpass Policy ManagerHewlett Packard Enterprise HPE Aruba Networking Clearpass Policy Manager
Timeline
PublishedFeb 4

Description

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDarubanetworks/clearpass_policy_manager6.11.06.11.10+1

🔴Vulnerability Details

2
GHSA
GHSA-v28f-46mh-g2w2: A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run2025-02-04
CVEList
Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface2025-02-04
CVE-2025-25039 — OS Command Injection | cvebase