A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system.
References
| Link | Resource |
|---|---|
| https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Mar 2025, 17:37
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Arubanetworks
Arubanetworks clearpass Policy Manager |
|
| References | () https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US - Vendor Advisory | |
| CPE | cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:* |
13 Mar 2025, 18:15
| Type | Values Removed | Values Added |
|---|---|---|
| Summary |
|
|
| CWE | CWE-78 |
04 Feb 2025, 19:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | ||
Information
Published : 2025-02-04 19:15
Updated : 2025-03-28 17:37
NVD link : CVE-2025-25039
Mitre link : CVE-2025-25039
CVE.ORG link : CVE-2025-25039
JSON object : View
Products Affected
arubanetworks
- clearpass_policy_manager
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')