CVE-2025-23058

Description

A vulnerability in the ClearPass Policy Manager web-based management interface allows a low-privileged (read-only) authenticated remote attacker to gain unauthorized access to data and the ability to execute functions that should be restricted to administrators only with read/write privileges. Successful exploitation could enable a low-privileged user to execute administrative functions leading to an escalation of privileges.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

Hewlett Packard Enterprise (HPE) / HPE Aruba Networking ClearPass Policy Manager6.12.0 – <=6.12.3
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking ClearPass Policy Manager6.11.0 – <=6.11.9

References

MISChttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04784en_us&docLocale=en_US