Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer
CVE-2025-23056

5.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Fabric Composer (afc)
Vendor: CVE Published:; 28 January 2025

Summary

A vulnerability exists within the web management interface of HPE Aruba Networking Fabric Composer that allows an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack. This security flaw enables the attacker to execute arbitrary script code in the web browsers of users accessing the compromised interface, potentially leading to unauthorized data access and manipulation.

Affected Version(s)

HPE Aruba Networking Fabric Composer (AFC) 7.0.0 <= 7.1.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

m0x_noob via HPE Aruba Networking's Bug Bounty Program