CVE-2025-23053

A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:arubanetworks:fabric_composer:*:*:*:*:*:*:*:*

History

16 Apr 2025, 18:48

Type	Values Removed	Values Added
First Time		Arubanetworks Arubanetworks fabric Composer
References	~~() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US -~~	() https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US - Vendor Advisory
CPE		cpe:2.3:a:arubanetworks:fabric_composer::::::::

13 Mar 2025, 19:15

Type	Values Removed	Values Added
Summary		(es) Existe una vulnerabilidad de escalada de privilegios en la interfaz de administración basada en web de HPE Aruba Networking Fabric Composer. Una explotación exitosa podría permitir que un usuario operador autenticado con privilegios bajos cambie el estado de ciertas configuraciones de una sistema vulnerable.
CWE		CWE-863

28 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-28 18:15

Updated : 2025-04-16 18:48

NVD link : CVE-2025-23053

Mitre link : CVE-2025-23053

CVE.ORG link : CVE-2025-23053

JSON object : View

Products Affected

arubanetworks

fabric_composer

CWE

CWE-863

Incorrect Authorization

{"id": "CVE-2025-23053", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-alert@hpe.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-01-28T18:15:38.987", "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04775en_us&docLocale=en_US", "tags": ["Vendor Advisory"], "source": "security-alert@hpe.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-863"}]}], "descriptions": [{"lang": "en", "value": "A privilege escalation vulnerability exists in the web-based management interface of HPE Aruba Networking Fabric Composer. Successful exploitation could allow an authenticated low privilege operator user to change the state of certain settings of a vulnerable system."}, {"lang": "es", "value": "Existe una vulnerabilidad de escalada de privilegios en la interfaz de administraci\u00f3n basada en web de HPE Aruba Networking Fabric Composer. Una explotaci\u00f3n exitosa podr\u00eda permitir que un usuario operador autenticado con privilegios bajos cambie el estado de ciertas configuraciones de una sistema vulnerable."}], "lastModified": "2025-04-16T18:48:12.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:arubanetworks:fabric_composer:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4BE4C645-BEDA-478A-8003-89A8AC66F9AD", "versionEndExcluding": "7.1.1", "versionStartIncluding": "7.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-alert@hpe.com"}