- 26/2025
- High
Aruba has released security updatesto fix several vulnerabilities affecting multiple Aruba products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, obtain sensitive information, perform cross-site scripting attacks, manipulate data or execute arbitrary commands/codes, and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. ClearPass Policy Manager Web-Based Management Interface Authenticated Broken Access Control Vulnerability (CVE-2025-23058):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. HPE Aruba Networking ClearPass Policy Manager Sensitive Information Disclosure Vulnerability (CVE-2025-23059):
- CVSS: 6.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Obtain Information
Sample of the affected products:
- HPE Aruba Networking Fabric Composer.
- HPE Aruba Networking ClearPass Policy Manager.
Vulnerabilities
- CVE-2025-23053
- CVE-2025-23054
- CVE-2025-23055
- CVE-2025-23056
- CVE-2025-23057
- CVE-2024-21944
- CVE-2024-7348
- CVE-2025-23058
- CVE-2025-23059
- CVE-2025-23060
- CVE-2025-25039
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.