Vulnerability in HPE Aruba Networking Fabric Composer Management Interface
CVE-2025-23054

6.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Fabric Composer (afc)
Vendor: CVE Published:; 28 January 2025

Summary

A security flaw exists in the web-based management interface of HPE Aruba Networking Fabric Composer that could enable authenticated low-privilege users to execute operations beyond their authorized capabilities. If exploited, this vulnerability may allow an attacker to manipulate user-generated files, which could lead to unauthorized modifications in critical system configurations, impacting overall network integrity and security.

Affected Version(s)

HPE Aruba Networking Fabric Composer (AFC) 7.0.0 <= 7.1.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

m0x_noob via HPE Aruba Networking's Bug Bounty Program