CVE-2025-23060 MEDIUM

CVE-2025-23060: Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking ClearPass Policy Manager
Published February 4, 2025
Last update March 13, 2025

CVSS base score

6.6/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.

Key dates

02Disclosure timeline

February 4, 2025 CVE published
March 13, 2025 Record updated