CVE-2025-27080 MEDIUM

CVE-2025-27080: Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface

Vendor Hewlett Packard Enterprise (Hpe)
Product AOS-CX
Published March 18, 2025
Last update March 18, 2025

CVSS base score

6.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.

Key dates

02Disclosure timeline

March 18, 2025 CVE published
March 18, 2025 Record updated