CVE-2025-23053

A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arubanetworks:fabric_composer:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2025-01-28 18:15

Updated : 2025-04-16 18:48

NVD link : CVE-2025-23053

Mitre link : CVE-2025-23053

CVE.ORG link : CVE-2025-23053

JSON object : View

Products Affected

arubanetworks

fabric_composer

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2025-23053", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-28T18:15:38.987", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US", "tags": ["Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalada de privilegios en la interfaz de administraci\u00f3n basada en web de HPE Aruba Networking Fabric Composer. Una explotaci\u00f3n exitosa podr\u00eda permitir que un usuario operador autenticado con privilegios bajos cambie el estado de ciertas configuraciones de una sistema vulnerable."}], "lastModified": "2025-04-16T18:48:12.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:fabric_composer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE4C645-BEDA-478A-8003-89A8AC66F9AD", "versionEndExcluding": "7.1.1", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}