CVE-2025-25042 (GCVE-0-2025-25042)
Vulnerability from cvelistv5
Published
2025-03-18 19:02
Modified
2025-03-18 19:27
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-CX |
Version: 10.10.0000 ≤ <=10.10.1140 Version: 10.13.0000 ≤ <=10.13.1070 Version: 10.14.0000 ≤ <=10.14.1030 Version: 10.15.0000 ≤ <=10.15.1000 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-25042",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T19:24:27.664231Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:27:35.020Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=10.10.1140",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.13.1070",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.14.1030",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.15.1000",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dugisan3rd"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.\u003c/p\u003e"
}
],
"value": "A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:02:02.192Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04818",
"discovery": "EXTERNAL"
},
"title": "Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-25042",
"datePublished": "2025-03-18T19:02:02.192Z",
"dateReserved": "2025-01-31T21:19:15.435Z",
"dateUpdated": "2025-03-18T19:27:35.020Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-25042\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2025-03-18T19:15:49.447\",\"lastModified\":\"2025-03-18T20:15:26.177\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-359\"}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us\u0026docLocale=en_US\",\"source\":\"security-alert@hpe.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-25042\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T19:24:27.664231Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-359\", \"description\": \"CWE-359 Exposure of Private Personal Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T19:27:30.194Z\"}}], \"cna\": {\"title\": \"Authenticated Access Control Vulnerability allows Sensitive Information Disclosure in AOS-CX REST Interface\", \"source\": {\"advisory\": \"HPESBNW04818\", \"discovery\": \"EXTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"dugisan3rd\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 4.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"LOW\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"AOS-CX\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.10.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.10.1140\"}, {\"status\": \"affected\", \"version\": \"10.13.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.13.1070\"}, {\"status\": \"affected\", \"version\": \"10.14.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.14.1030\"}, {\"status\": \"affected\", \"version\": \"10.15.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.15.1000\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us\u0026docLocale=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eA vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2025-03-18T19:02:02.192Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-25042\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-18T19:27:35.020Z\", \"dateReserved\": \"2025-01-31T21:19:15.435Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2025-03-18T19:02:02.192Z\", \"assignerShortName\": \"hpe\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…