CVE-2025-23054

Name of the Vulnerable Software and Affected Versions HPE Aruba Networking Fabric Composer (affected versions not specified)

Description A vulnerability in the web-based management interface of HPE Aruba Networking Fabric Composer is related to access control errors. This issue could allow an authenticated low-privilege operator user to perform operations not permitted by their privilege level. Successful exploitation could enable an attacker to manipulate user-generated files, potentially leading to unauthorized changes in critical system configurations. An attacker could also remotely elevate their privileges, access protected information, and modify system settings.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.