← volver
CVE-2025-25039

Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface

CVSS 4.7 MEDIUMEPSS 0.6%CWE-78
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 feb 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Productos afectados
Hewlett Packard Enterprise (HPE) · HPE Aruba Networking ClearPass Policy Manager

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US