CVE-2025-23059 MEDIUM

CVE-2025-23059: Sensitive Information Disclosure in HPE Aruba Networking ClearPass Policy Manager

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking ClearPass Policy Manager
Published February 4, 2025
Last update March 13, 2025

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. If exploited successfully, this vulnerability allows an authenticated remote attacker with high privileges to access and retrieve sensitive data, potentially compromising the integrity and security of the entire system.

Key dates

02Disclosure timeline

February 4, 2025 CVE published
March 13, 2025 Record updated