Severity Level: High
Title:
Multiple Vulnerabilities in HPE Aruba Networking ClearPass Policy Manager
Summary:
Hewlett Packard Enterprise (HPE) has identified multiple high-severity vulnerabilities in the HPE
Aruba Networking ClearPass Policy Manager (CPPM). These vulnerabilities could allow attackers to
execute arbitrary code, escalate privileges, disclose sensitive information, and execute unauthorized
commands remotely or locally. Affected versions include ClearPass Policy Manager 6.12.x (up to
6.12.3) and 6.11.x (up to 6.11.9). HPE has released patches to address these vulnerabilities, and
organizations are strongly advised to upgrade to the latest versions immediately.
• CVE-2025-23058: Authenticated Broken Access Control (CVSS 8.8)
• CVE-2024-7348: PostgreSQL Arbitrary SQL Execution (CVSS 7.5)
• CVE-2025-23059: Sensitive Information Disclosure (CVSS 6.8)
• CVE-2025-23060: Sensitive Data Exposure (CVSS 6.6)
• CVE-2025-25039: Authenticated Remote Command Injection (CVSS 4.7)
Fixed versions:
HPE Aruba Networking ClearPass Policy Manager
• 6.12.x: 6.12.4 and above
• 6.11.x: 6.11.10 and above
Recommendations:
• Upgrade ClearPass Policy Manager to the patched versions.
• Contact HPE Services - Aruba Networking for assistance with configuration or upgrade processes.
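To turn the fixed-version table above into a fleet check, the following is an added example (not from the HPE advisory) that parses each appliance's reported version numerically and reports whether it meets its branch's minimum fixed release; the hostnames and versions in the inventory are constructed sample data.

```python
# Added example (not from the HPE advisory): flag ClearPass Policy Manager hosts
# still on a version this advisory covers and report the branch's minimum fix.
# Version ranges come from the advisory; the inventory is constructed sample data.

# Minimum fixed release per supported branch, per the advisory.
FIXED_VERSIONS = {
    (6, 12): (6, 12, 4),
    (6, 11): (6, 11, 10),
}


def parse_version(version: str) -> tuple:
    """Turn '6.12.3' into (6, 12, 3); a string compare would rank '6.12.10' below '6.12.4'."""
    parts = version.strip().split(".")
    if len(parts) < 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised ClearPass version string: {version!r}")
    return tuple(int(p) for p in parts)


def assess(version: str) -> dict:
    """Classify one host as 'fixed', 'vulnerable' or 'unknown-branch'."""
    parsed = parse_version(version)
    fixed = FIXED_VERSIONS.get(parsed[:2])
    if fixed is None:
        # Branches the advisory does not list (e.g. 6.10.x) are out of scope
        # here; flag them for manual review rather than assuming they are safe.
        return {"version": version, "status": "unknown-branch", "required": None}
    status = "fixed" if parsed >= fixed else "vulnerable"
    return {"version": version, "status": status,
            "required": ".".join(map(str, fixed))}


# Constructed sample inventory (hostname -> version reported by the appliance).
SAMPLE_INVENTORY = {
    "cppm-dc1": "6.12.3",   # affected, needs 6.12.4
    "cppm-dc2": "6.12.10",  # fixed; numeric compare gets this right
    "cppm-lab": "6.11.9",   # affected, needs 6.11.10
    "cppm-old": "6.10.2",   # branch not covered by this advisory
}


def report(inventory: dict = SAMPLE_INVENTORY) -> dict:
    """Assess every host in the inventory and return {hostname: result}."""
    return {host: assess(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    for host, r in report().items():
        print(f"{host}: {r['version']} -> {r['status']} (fixed in {r['required']})")
```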