CVE-2025-23052

Summary

Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS10.4.0.0 <= 10.4.1.4affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.12.0.0 <= 8.12.0.2affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.10.0.0 <= 8.10.0.14affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References