CVE-2025-27084

Summary

A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS10.7.0.0 <= 10.7.1.0affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS10.4.0.0 <= 10.4.1.6affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.12.0.0 <= 8.12.0.3affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.10.0.0 <= 8.10.0.15affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References