Stored Cross-Site Scripting Vulnerability in HPE Aruba Networking Fabric Composer
CVE-2025-23057

5.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Fabric Composer (afc)
Vendor: CVE Published:; 28 January 2025

Summary

A vulnerability exists in the web management interface of HPE Aruba Networking Fabric Composer that could allow an authenticated remote attacker to execute a stored cross-site scripting (XSS) attack. If exploited, this flaw permits a malicious actor to run arbitrary script code in the web browser of an affected user, potentially compromising session integrity and user data.

Affected Version(s)

HPE Aruba Networking Fabric Composer (AFC) 7.0.0 <= 7.1.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jan 28, 2025
Vulnerability Reserved
Jan 10, 2025

Credit

m0x_noob via HPE Aruba Networking's Bug Bounty Program