CVE-2025-23058

Authenticated Broken Access Control Vulnerability in ClearPass Policy Manager Web-Based Management Interface

CVSS 8.8 HIGH | EPSS 0.7% | CWE-1390
In short

A read-only user in ClearPass Policy Manager can bypass access controls and perform administrator functions that their role should not permit. This lets them make unauthorized changes and gain higher privileges than intended.

Technical detail

Authenticated users with read-only privileges can exploit broken access control in the web-based management interface to execute administrative functions and access restricted data. The vulnerability stems from inadequate server-side privilege validation, allowing both horizontal and vertical privilege escalation without any additional credentials.

Summary generated and translated by AI from the official description.

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
