CVE-2025-25042 MEDIUM

CVE-2025-25042: Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface

Vendor Hewlett Packard Enterprise (Hpe)
Product AOS-CX
Published March 18, 2025
Last update March 18, 2025

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.

Key dates

02Disclosure timeline

March 18, 2025 CVE published
March 18, 2025 Record updated