Authenticated Remote Command Injection in HPE Aruba Networking ClearPass Policy Manager Web-Based Management Interface
CVE-2025-25039

4.7MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Clearpass Policy Manager
Vendor: CVE Published:; 4 February 2025

Summary

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.

Affected Version(s)

HPE Aruba Networking ClearPass Policy Manager 6.12.0

HPE Aruba Networking ClearPass Policy Manager 6.11.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 31, 2025

Credit

Daniel Jensen (@Dozernz)