CVE-2025-23051 Authenticated Remote Code Execution in AOS Web-based Management Interface

🗓️ 14 Jan 2025 17:35:25Reported by hpeType

Authenticated vulnerability in AOS systems allows parameter injection to overwrite system files.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-23051	14 Jan 202518:10	–	circl
CNNVD	Hewlett Packard Enterprise ArubaOS 安全漏洞	14 Jan 202500:00	–	cnnvd
CVE	CVE-2025-23051	14 Jan 202517:35	–	cve
EUVD	EUVD-2025-3094	3 Oct 202520:07	–	euvd
NVD	CVE-2025-23051	14 Jan 202518:16	–	nvd
Positive Technologies	PT-2025-4793 · Aruba · Arubaos	14 Jan 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-23051	9 Jan 202608:46	–	redhatcve
Vulnrichment	CVE-2025-23051 Authenticated Remote Code Execution in AOS Web-based Management Interface	14 Jan 202517:35	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "HPE Aruba Networking AOS",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "10.4.1.4",
        "status": "affected",
        "version": "10.4.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.12.0.2",
        "status": "affected",
        "version": "8.12.0.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "8.10.0.14",
        "status": "affected",
        "version": "8.10.0.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.hpe.com/hpesc/public/docDisplay

14 Jan 2025 17:37Current

CVSS 3.17.2

EPSS0.00687