- 16/2025
- High
Aruba has released security updatesto fix several vulnerabilities affecting multiple Aruba products.
The addressed vulnerabilities could allow the attacker to manipulate data to view, add, modify, delete, or execute arbitrary commands/codes and gain access to the affected systems.
Sample of the addressed vulnerabilities:
1. HPE Aruba Authenticated Remote Code Execution in AOS Web-based Management Interface Vulnerability (CVE-2025-23051):
- CVSS: 7.2
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Access
2. HPE Telco Service Orchestrator Remote Unauthorized Data Injection Vulnerability (CVE-2024-52798):
- CVSS: 5.3
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Data Manipulation
Sample of the affected products:
- HPE Aruba Networking Mobility Conductor.
- HPE Aruba Networking Mobility Controllers.
- HPE Telco Service Orchestrator Software.
- WLAN and SD-WAN Gateways managed by HPE Aruba Networking Central.
Vulnerabilities
- CVE-2025-23051
- CVE-2025-23052
- CVE-2024-52798
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.