Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer
CVE-2025-23056
5.4MEDIUM
What is CVE-2025-23056?
A vulnerability exists within the web management interface of HPE Aruba Networking Fabric Composer that allows an authenticated remote attacker to perform a stored cross-site scripting (XSS) attack. This security flaw enables the attacker to execute arbitrary script code in the web browsers of users accessing the compromised interface, potentially leading to unauthorized data access and manipulation.
Affected Version(s)
HPE Aruba Networking Fabric Composer (AFC) 7.0.0 <= 7.1.0
References
CVSS V3.1
Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
m0x_noob via HPE Aruba Networking's Bug Bounty Program