CVE-2025-27080

MEDIUM

AOS-CX - Info Disclosure

Title source: llm

Description

Vulnerabilities in the command line interface of AOS-CX could allow an authenticated remote attacker to expose sensitive information. Successful exploitation could allow an attacker to gain unauthorized access to services outside of the impacted switch, potentially leading to lateral movement involving those services.

References (1)

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US

Scores

CVSS v3 6.0

EPSS 0.0009

EPSS Percentile 25.4%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (4)

Hewlett Packard Enterprise (HPE)/AOS-CX 10.10.0000 - <=10.10.1140

Hewlett Packard Enterprise (HPE)/AOS-CX 10.13.0000 - <=10.13.1070

Hewlett Packard Enterprise (HPE)/AOS-CX 10.14.0000 - <=10.14.1030

Hewlett Packard Enterprise (HPE)/AOS-CX 10.15.0000 - <=10.15.1000

Published Mar 18, 2025

Tracked Since Feb 18, 2026