6.5

CVE-2025-37160

EPSS 0.04%
Veröffentlicht 18.11.2025 18:54:09
Zuletzt bearbeitet 04.12.2025 18:18:12
Quelle security-alert@hpe.com
CVE-Watchlists
Login
Unerledigt
Login

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Hpe ≫ Arubaos-cx Version >= 10.10.0000 < 10.10.1170

Hpe ≫ Arubaos-cx Version >= 10.13.0000 < 10.13.1101

Hpe ≫ Arubaos-cx Version >= 10.14.0000 < 10.14.1060

Hpe ≫ Arubaos-cx Version >= 10.15.0000 < 10.15.1030

Hpe ≫ Arubaos-cx Version >= 10.16.0000 < 10.16.1001

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.122

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
security-alert@hpe.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-37160

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-37160

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-37160

EUVD