CVE-2025-27080 (GCVE-0-2025-27080)
Vulnerability from cvelistv5
Published
2025-03-18 19:02
Modified
2025-03-18 19:32
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | AOS-CX |
Version: 10.10.0000 ≤ <=10.10.1140 Version: 10.13.0000 ≤ <=10.13.1070 Version: 10.14.0000 ≤ <=10.14.1030 Version: 10.15.0000 ≤ <=10.15.1000 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-27080",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-18T19:32:04.221989Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-359",
"description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:32:15.822Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "\u003c=10.10.1140",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.13.1070",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.14.1030",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "\u003c=10.15.1000",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Internal Engineering"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eVulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.\u003c/p\u003e"
}
],
"value": "Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-18T19:02:30.151Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04818",
"discovery": "INTERNAL"
},
"title": "Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-27080",
"datePublished": "2025-03-18T19:02:30.151Z",
"dateReserved": "2025-02-18T14:05:41.921Z",
"dateUpdated": "2025-03-18T19:32:15.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-27080\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2025-03-18T19:15:50.680\",\"lastModified\":\"2025-03-18T20:15:26.300\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-359\"}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us\u0026docLocale=en_US\",\"source\":\"security-alert@hpe.com\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-27080\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-18T19:32:04.221989Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-359\", \"description\": \"CWE-359 Exposure of Private Personal Information to an Unauthorized Actor\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-18T19:31:50.146Z\"}}], \"cna\": {\"title\": \"Authenticated Sensitive Information Disclosure exposes Credentials in AOS-CX Command Line Interface\", \"source\": {\"advisory\": \"HPESBNW04818\", \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Internal Engineering\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"HIGH\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"AOS-CX\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.10.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.10.1140\"}, {\"status\": \"affected\", \"version\": \"10.13.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.13.1070\"}, {\"status\": \"affected\", \"version\": \"10.14.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.14.1030\"}, {\"status\": \"affected\", \"version\": \"10.15.0000\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"\u003c=10.15.1000\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us\u0026docLocale=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eVulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2025-03-18T19:02:30.151Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-27080\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-03-18T19:32:15.822Z\", \"dateReserved\": \"2025-02-18T14:05:41.921Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2025-03-18T19:02:30.151Z\", \"assignerShortName\": \"hpe\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…