CVE-2025-37122 Unauthenticated Reflected Cross-Site Scripting

🗓️ 17 Sep 2025 19:31:19Reported by hpeType

Unauthenticated attacker can exploit reflected cross site scripting in web management interface to run JavaScript.

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2025-37122	17 Sep 202519:45	–	circl
CNNVD	HPE Aruba Networking ClearPass Policy Manager 安全漏洞	17 Sep 202500:00	–	cnnvd
CVE	CVE-2025-37122	17 Sep 202519:31	–	cve
EUVD	EUVD-2025-29773	3 Oct 202520:07	–	euvd
NVD	CVE-2025-37122	17 Sep 202520:15	–	nvd
Positive Technologies	PT-2025-38257	17 Sep 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-37122	19 Sep 202520:37	–	redhatcve
Vulnrichment	CVE-2025-37122 Unauthenticated Reflected Cross-Site Scripting	17 Sep 202519:31	–	vulnrichment

[
  {
    "defaultStatus": "affected",
    "product": "HPE Aruba Networking ClearPass Policy Manager",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "6.12.5",
        "status": "affected",
        "version": "6.12.0",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "6.11.12",
        "status": "affected",
        "version": "6.11.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.hpe.com/hpesc/public/docDisplay

17 Sep 2025 19:31Current

CVSS 3.16.1

EPSS0.00235