Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer
CVE-2025-23057

5.4MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Fabric Composer (afc)
Vendor: CVE Published:; 28 January 2025

What is CVE-2025-23057?

A vulnerability exists in the web management interface of HPE Aruba Networking Fabric Composer that could allow an authenticated remote attacker to execute a stored cross-site scripting (XSS) attack. If exploited, this flaw permits a malicious actor to run arbitrary script code in the web browser of an affected user, potentially compromising session integrity and user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

HPE Aruba Networking Fabric Composer (AFC) 7.0.0 <= 7.1.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

m0x_noob via HPE Aruba Networking's Bug Bounty Program

JSON

HP (HP)