19
CVEs
0
Critical
7
High
0
KEV
0
PoC
7
Unpatched C/H
0.0%
Patch Rate
0.1%
Avg EPSS
Severity Breakdown
CRITICAL
0
HIGH
7
MEDIUM
10
LOW
2
Monthly CVE Trend
Affected Products (8)
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2026-23818 | Open redirect vulnerability in HPE Aruba Networking Private 5G Core On-Prem GUI enables credential harvesting attacks against authenticated users. Remote attackers can craft malicious URLs that redirect victims from the legitimate login flow to attacker-controlled phishing pages designed to capture credentials. With CVSS 8.8 (High) severity and network-reachable attack surface requiring no authentication, this represents significant phishing risk for organizations deploying private 5G infrastructure. No public exploit identified at time of analysis, though exploitation requires minimal technical complexity. | HIGH | 8.8 | 0.0% | 44 |
No patch
|
| CVE-2025-37127 | A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Rated high severity (CVSS 7.2). No vendor patch available. | HIGH | 7.2 | 0.0% | 36 |
No patch
|
| CVE-2025-23059 | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager exposes directories containing sensitive information. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.8 | 0.2% | 34 |
No patch
|
| CVE-2025-37128 | A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.8 | 0.1% | 34 |
No patch
|
| CVE-2025-25041 | A vulnerability in the HPE Aruba Networking Virtual Intranet Access (VIA) client could allow malicious users to overwrite arbitrary files as NT AUTHORITY\SYSTEM (root). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available. | MEDIUM | 5.5 | 0.1% | 28 |
No patch
|
| CVE-2025-25039 | A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager (CPPM) allows remote authenticated users to run arbitrary commands on the underlying host. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 4.7 | 0.1% | 24 |
No patch
|
| CVE-2025-25040 | A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches -. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available. | LOW | 3.3 | 0.0% | 17 |
No patch
|
| CVE-2024-54010 | A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. Rated low severity (CVSS 3.4), this vulnerability is no authentication required. No vendor patch available. | LOW | 3.4 | 0.0% | – |
No patch
|
| CVE-2025-23053 | A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.5 | 0.1% | – |
No patch
|
| CVE-2025-23054 | A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer could allow an authenticated low privilege operator user to perform operations not allowed by their. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 6.5 | 0.1% | – |
No patch
|
| CVE-2025-23055 | A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 5.5 | 0.1% | – |
No patch
|
| CVE-2025-23056 | A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 5.5 | 0.1% | – |
No patch
|
| CVE-2025-23057 | A vulnerability in the web management interface of HPE Aruba Networking Fabric Composer could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | MEDIUM | 5.5 | 0.1% | – |
No patch
|
| CVE-2025-23060 | A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available. | MEDIUM | 6.6 | 0.1% | – |
No patch
|
| CVE-2025-37123 | A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available. | HIGH | 8.8 | 0.2% | – |
No patch
|