Summary: HPE Aruba Networking has released a security advisory regarding multiple vulnerabilities in its ArubaOS systems, which could allow attackers to execute unauthorized commands or overwrite system files. Two critical vulnerabilities have been identified, both with a CVSS score of 7.2, affecting the web-based management interface and the command-line interface. Users are urged to upgrade to the latest software versions to mitigate these risks.
Threat Actor: Unknown | unknown
Victim: HPE Aruba Networking | HPE Aruba Networking
Keypoints :
- Authenticated Remote Code Execution vulnerability in AOS Web-based Management Interface (CVE-2025-23051).
- Authenticated Command Injection vulnerability in the CLI Interface (CVE-2025-23052).
- Users are advised to upgrade to specific AOS versions to address the vulnerabilities.
- Recommended workarounds include restricting access to management interfaces and implementing firewall policies.
Source: https://securityonline.info/hpe-aruba-networking-addresses-security-vulnerabilities-in-aos-systems/