CVE-2025-25042

MEDIUM

HPE AOS-CX Sensitive Information Exposure via REST Interface

Title source: llm

Description

A vulnerability in the AOS-CX REST interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation could allow an attacker to read encrypted credentials of other users on the switch, potentially leading to further unauthorized access or data breaches.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US

Scores

CVSS v3 4.3

EPSS 0.0029

EPSS Percentile 20.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (4)

Hewlett Packard Enterprise (HPE)/AOS-CX 10.10.0000 - <=10.10.1140

Hewlett Packard Enterprise (HPE)/AOS-CX 10.13.0000 - <=10.13.1070

Hewlett Packard Enterprise (HPE)/AOS-CX 10.14.0000 - <=10.14.1030

Hewlett Packard Enterprise (HPE)/AOS-CX 10.15.0000 - <=10.15.1000

Published Mar 18, 2025

Tracked Since Feb 18, 2026