Multiple critical vulnerabilities have been discovered in HPE Aruba Network, affecting its AOS Controllers, Gateways, and Mobility Conductor products.
Specifically, two vulnerabilities—CVE-2025-23051 and CVE-2025-23052—pose significant security risks, allowing attackers to execute arbitrary code and commands remotely.
The vulnerabilities affect multiple versions of the ArubaOS, necessitating immediate attention from network administrators and organizations utilizing HPE Aruba Networking solutions.
CVE-2025-23051: Authenticated Remote Code Execution
This vulnerability exists within the web-based management interface of the AOS-8 and AOS-10 operating systems. It allows an authenticated user to perform parameter injection, potentially overwriting arbitrary system files.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
HPE suggests restricting access to the CLI and web-based management interfaces to a dedicated layer 2 segment/VLAN and implementing firewall policies at layer 3 and above.
CVE-2025-23052: Authenticated Command Injection
This vulnerability in the command line interface (CLI) allows an attacker with authenticated access to execute arbitrary commands with privileged user permissions on the underlying operating system.
Similar to CVE-2025-23051, HPE recommends restricting CLI and web-based management interface access to secure VLANs and enforcing robust firewall policies.
The vulnerabilities affect the following HPE Aruba Networking products:
- Mobility Conductor
- Mobility Controllers
- WLAN and SD-WAN Gateways are managed by HPE Aruba Networking Central
Affected Software Versions
- AOS-10.4.x.x: 10.4.1.4 and below
- AOS-8.12.x.x: 8.12.0.2 and below
- AOS-8.10.x.x: 8.10.0.14 and below
End Of Maintenance (EoM) Versions Affected But Not Patched Include:
- AOS-10.6.x.x: All
- AOS-10.5.x.x: All
- AOS-10.3.x.x: All
- AOS-8.11.x.x: All
- AOS-8.9.x.x: All
- AOS-8.8.x.x: All
- AOS-8.7.x.x: All
- AOS-8.6.x.x: All
- AOS-6.5.4.x: All
- SD-WAN 8.7.0.0-2.3.0.x: All
- SD-WAN 8.6.0.4-2.2.x.x: All
Workaround And Mitigation
- To minimize the risk of exploitation, users are encouraged to:
- Implement VLAN segmentation for management interfaces.
- Enforce strict firewall rules to limit access.
- Regularly audit user permissions and access logs.
HPE Aruba Networking recommends upgrading to the following ArubaOS versions to mitigate the identified vulnerabilities:
- AOS-10.7.x.x: 10.7.0.0 and above
- AOS-10.4.x.x: 10.4.1.5 and above
- AOS-8.12.x.x: 8.12.0.3 and above
- AOS-8.10.x.x: 8.10.0.15 and above
These vulnerabilities highlight the importance of proactive security measures in network management systems. Network administrators are urged to take immediate action by upgrading affected systems and implementing recommended security measures to protect against potential threats.
Integrating Application Security into Your CI/CD Workflows Using Jenkins & Jira -> Free Webinar