CVE-2025-25042

MEDIUM

AOS-CX - Info Disclosure

Title source: llm

Description

A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.

References (1)

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US

Scores

CVSS v3 4.3

EPSS 0.0022

EPSS Percentile 44.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (4)

Hewlett Packard Enterprise (HPE)/AOS-CX 10.10.0000 - <=10.10.1140

Hewlett Packard Enterprise (HPE)/AOS-CX 10.13.0000 - <=10.13.1070

Hewlett Packard Enterprise (HPE)/AOS-CX 10.14.0000 - <=10.14.1030

Hewlett Packard Enterprise (HPE)/AOS-CX 10.15.0000 - <=10.15.1000

Published Mar 18, 2025

Tracked Since Feb 18, 2026