CVE-2025-23051

Summary

An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS10.4.0.0 <= 10.4.1.4affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.12.0.0 <= 8.12.0.2affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.10.0.0 <= 8.10.0.14affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References