EUVD-2025-17676CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3Description
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users. A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
Analysis
Path traversal vulnerability in HPE Aruba Networking Private 5G Core APIs that allows authenticated users to iteratively navigate the filesystem and download sensitive system files. The vulnerability affects the Private 5G Core platform with a CVSS score of 7.7 (high severity) due to confidentiality impact across system boundaries. While requiring low-privilege authentication and network access, successful exploitation directly exposes protected system files containing sensitive configuration and credential data.
Technical Context
This vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory - 'Path Traversal'), a classic input validation flaw where API endpoints fail to properly sanitize or validate user-supplied path parameters. The HPE Aruba Networking Private 5G Core uses REST APIs for system management and file operations; these APIs do not adequately restrict directory traversal sequences (such as '../' or absolute path references). An attacker with valid API credentials can craft sequential requests that progressively navigate up the directory tree (../../../../etc/passwd) or reference absolute paths (/etc/shadow) to access files outside the intended restricted directory. The vulnerability exists in the API layer itself rather than in underlying OS protections, suggesting inadequate input validation in the application code handling file retrieval operations. The Private 5G Core is a telecom-grade platform typically deployed in carrier networks, making the exposure of system files particularly sensitive.
Affected Products
HPE Aruba Networking Private 5G Core - specific vulnerable versions not explicitly stated in description but inferred to include current/recent releases. CPE would typically follow pattern: cpe:2.7:a:hpe:aruba_private_5g_core:*. Affected configurations include any deployment where the Private 5G Core APIs are accessible to authenticated users (including service accounts, operators, or management interfaces). The vulnerability impacts the core platform's REST API layer used for system administration, file management, and operational tasks. Without explicit version boundaries from vendor advisories, assume all current versions are vulnerable until HPE/Aruba publishes patched releases.
Remediation
Immediate actions: (1) Review and restrict API access controls - implement principle of least privilege for API credentials and limit which user roles/accounts can access file retrieval APIs; (2) Implement network segmentation - isolate Private 5G Core management APIs to trusted administrative networks only, disable external API exposure if not operationally required; (3) Enable API request logging and monitoring - detect repeated '../' patterns or suspicious path parameters in API logs as an interim detection control; (4) Rotate sensitive credentials/files that may have been exposed via this vector (system accounts, API keys, certificates). Permanent remediation: (1) Await and apply HPE/Aruba security patch (version numbers to be specified in vendor advisory - monitor HPE security advisory portal and PSIRT notifications); (2) Implement input validation/filtering on all API endpoints handling file paths - whitelist allowed directories and reject traversal sequences; (3) Verify patched version removes ability to use '../' or absolute paths in file API parameters. Link to vendor: Monitor HPE Aruba Networking security advisories at https://www.arubanetworks.com/en-us/support/security-advisories/ and HPE PSIRT for CVE-2025-37100 patch details.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today