-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory
===============================

Advisory ID: HPESBNW04950
CVE: CVE-2025-37122
Publication Date: 2025-Sep-17
Status: Confirmed
Severity: Medium
Revision: 1

Title
=====

HPE Aruba Networking ClearPass Policy Manager (CPPM), Reflected Cross Site
Scripting (XSS)

Overview
========

HPE Aruba Networking has released updates to the ClearPass Policy Manager
(CPPM) to address a reflected cross-site scripting vulnerability.

Affected Products
=================

This vulnerability affects HPE Aruba Networking ClearPass Policy Manager
running the following software versions unless specifically noted otherwise
in the details section:

HPE Aruba Networking ClearPass Policy Manager
  - 6.12.x: ClearPass 6.12.5 and below
  - 6.11.x: ClearPass 6.11.12 and below

Versions of HPE Aruba Networking ClearPass Policy Manager that are end of
life are affected by this vulnerability unless otherwise indicated.

Unaffected Products
===================

Any other HPE Aruba Networking products not specifically listed above are
not affected by this vulnerability.

Details
=======

Unauthenticated Reflected Cross-Site Scripting Allows Account Takeover in
Web Interface (CVE-2025-37122)
- ---------------------------------------------------------------------

A vulnerability in the web-based management interface of network access
control services could allow an unauthenticated remote attacker to conduct
a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could
allow an attacker to execute arbitrary JavaScript code in a victim's browser
in the context of the affected interface.

  Internal References: ATLCP-270
  Severity: Medium
  CVSSv3.x Overall Score: 6.1
  CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

  Discovery: This vulnerability was discovered and reported by ricky8368 via
  the HPE Aruba Networking Bug Bounty Program.
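A small triage helper, added here as an example and not part of the advisory or of any HPE Aruba Networking tooling, that encodes the affected and fixed versions stated in this advisory (6.12.5 and below, 6.11.12 and below; fixed in 6.12.6 and above, and in 6.11.12 with the hotfix patch and above) and classifies a fleet of reported CPPM version strings. The hotfix flag and the inventory format are assumptions: the advisory does not say how an installed hotfix is reported, so the caller supplies that fact.

```python
"""Classify ClearPass Policy Manager versions against advisory HPESBNW04950.

Added example; not HPE Aruba Networking code. Version ranges come from the
advisory text (CVE-2025-37122). The `hotfix_applied` flag is an assumption:
the advisory says 6.11.12 is fixed only once the hotfix patch is applied but
does not define how that is detected, so the caller must supply it.
"""
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int]

# Advisory data: branch -> first fixed version. Anything below is affected.
FIXED_MIN: Dict[Tuple[int, int], Version] = {
    (6, 12): (6, 12, 6),
    (6, 11): (6, 11, 12),   # fixed only with the CVE-2025-37122 hotfix
}
SUPPORTED_BRANCHES = set(FIXED_MIN)
HOTFIX_ONLY = (6, 11, 12)   # this exact version needs the hotfix to be fixed

# Accept "6.12.5", "6.12.5-12345", "6.12.5 (build x)" etc.; only the first
# three numeric components matter for this advisory.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_version(text: str) -> Version:
    """Parse a CPPM version string into a comparable (major, minor, patch) tuple."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def assess(version: str, hotfix_applied: bool = False) -> Tuple[str, str]:
    """Return (status, action) for one host.

    status is one of: "affected", "fixed", "eol-affected", "not-listed".
    """
    v = parse_version(version)
    branch = v[:2]

    if branch not in SUPPORTED_BRANCHES:
        # The advisory lists 6.12.x and 6.11.x as the supported branches and
        # states that end-of-life versions are affected with no fix provided.
        if v < (6, 11, 0):
            return "eol-affected", "branch is end of maintenance; upgrade to 6.12.6 or later"
        return "not-listed", "branch not covered by this advisory; check newer advisories"

    if v < FIXED_MIN[branch]:
        if branch == (6, 12):
            return "affected", "upgrade to ClearPass 6.12.6 or later"
        return "affected", "upgrade to 6.11.12 and apply the CVE-2025-37122 hotfix patch"

    if v == HOTFIX_ONLY and not hotfix_applied:
        return "affected", "apply the 6.11.12 hotfix patch for CVE-2025-37122"

    return "fixed", "no action required for CVE-2025-37122"


def triage(inventory: List[Tuple[str, str, bool]]) -> List[Tuple[str, str, str]]:
    """Classify an inventory of (hostname, version, hotfix_applied) entries."""
    return [(host, *assess(ver, hotfix)) for host, ver, hotfix in inventory]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("cppm-dc1-01", "6.12.5", False),
    ("cppm-dc1-02", "6.12.6", False),
    ("cppm-dc2-01", "6.11.12", False),
    ("cppm-dc2-02", "6.11.12", True),
    ("cppm-lab-01", "6.10.8", False),
]

if __name__ == "__main__":
    for host, status, action in triage(SAMPLE_INVENTORY):
        print(f"{host:<14} {status:<13} {action}")
```

Feed it the version strings from your own inventory (e.g. as exported from your CMDB) rather than the constructed sample; the only judgement the script makes beyond the advisory's version table is treating branches older than 6.11 as end of maintenance, which matches the supported-version list given under Resolution.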
Resolution
==========

Upgrade HPE Aruba Networking ClearPass Policy Manager to one of the following
versions with the fixes to resolve all issues noted in the details section.

HPE Aruba Networking ClearPass Policy Manager
  - 6.12.x: ClearPass 6.12.6 and above
  - 6.11.x: ClearPass 6.11.12 Hotfix Patch for CVE-2025-37122 and above

Software versions with resolution/fixes for the vulnerabilities covered above
can be downloaded from the HPE Networking Support Portal at
https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE.

Supported versions as of the publication date of this advisory are:

  - HPE Aruba Networking ClearPass Policy Manager 6.12.x
  - HPE Aruba Networking ClearPass Policy Manager 6.11.x

HPE Aruba Networking does not evaluate or patch software branches that have
reached their End of Maintenance (EoM) milestone. For more information about
the HPE Aruba Networking End of Life policy please visit:
https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========

To minimize the likelihood of an attacker exploiting this vulnerability, HPE
Aruba Networking recommends that the web-based management interfaces be
restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall
policies at layer 3 and above.

You may contact HPE Services - Aruba Networking for any configuration
assistance if needed.

HPE Aruba Networking ClearPass Policy Manager Security Hardening
===========================================

For general information on hardening HPE Aruba Networking ClearPass Policy
Manager instances against security threats please see the ClearPass Policy
Manager Hardening Guide.
HPE Aruba Networking ClearPass Policy Manager Hardening Guides
  - For the 6.12.x branch, the Hardening Guide is available at
    https://arubanetworking.hpe.com/techdocs/ClearPass/6.12/PolicyManager/Content/Hardening/Introduction.htm
  - For the 6.11.x branch, the Hardening Guide is available at
    https://arubanetworking.hpe.com/techdocs/ClearPass/6.11/PolicyManager/Content/Hardening/Introduction.htm

Exploitation and Public Discussion
==================================

HPE Aruba Networking is not aware of any public discussion or exploit code
that targets this specific vulnerability as of the release date of the
advisory.

Revision History
================

Revision 1 / 2025-Sep-17 / Initial release

HPE Aruba Networking SIRT Security Procedures
==============================

Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:

  https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

For reporting *NEW* HPE Aruba Networking security issues, email can be sent
to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of
PGP encryption. Our public keys can be found at:

  https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.
This advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are complete and
unmodified, including all data and version information.
-----BEGIN PGP SIGNATURE-----

iQHLBAEBCAA1FiEEMErWmuZGsYOCo0+xpjMm7I0cE64FAmjLBTEXHHNlY3VyaXR5
LWFsZXJ0QGhwZS5jb20ACgkQpjMm7I0cE66Lfwv+OZPxd+NfCBzznfb+wHKfGRmH
mEIiJtNviYuXS6l1QKkqrz+qHXegE9CkiQjtg+rZput2nGnZ/9Xg2I8upSlF4gwi
BXmFS2lpMlkgPQIaiWZW0WyrtteBvmdbgUSL2SWFgow+1i28ESSfzQsQ75egYijW
xmSpL2Nm0T+qoqVOnss1WKNYo+3AfMTvT0EdUZPIe7vI6Ims7I0CNSYTR1s+3Mdy
cCcVRme+HedD4iW4waRarPKa2esensPE0SgXx+AP7p094ze8DYK/tOZP3h8A+r7l
h1C8U5uiPTHoeoxSxqBeExZwEnowE+LnE9c4HgU73wYadX44GRuCzKFMwgho24mY
qG6BDhY3un3tdXnFsOoQt8BdNq4/0rxnlRVIz1KhyHHnW6UOCXZvuntdW3KX29Ru
aNGGvt2wjEvJPX4gFXkUvUZNL9ihW6Sd77zspVXIApHttXBOQaqUHFY62oDa/dYj
jD66kR9g6gIxpQc6R2vmlkUI7dWsZczwVKagyE6t
=NiE1
-----END PGP SIGNATURE-----