-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

HPE Aruba Networking Product Security Advisory
==============================================

Advisory ID: HPESBNW04775
CVE: CVE-2025-23053, CVE-2025-23054, CVE-2025-23055, CVE-2025-23056,
     CVE-2025-23057
Publication Date: 2025-Jan-28
Status: Confirmed
Severity: Medium
Revision: 1

Title
=====
HPE Aruba Networking Fabric Composer Multiple Vulnerabilities

Overview
========
HPE Aruba Networking has released patches for the HPE Aruba Networking
Fabric Composer to address multiple security vulnerabilities.

Affected Products
=================
HPE Aruba Networking Fabric Composer

Affected Software Version(s):
  HPE Aruba Networking Fabric Composer 7.x.x: 7.1.0 and below

Unaffected Products
===================
Any other HPE Aruba Networking products and software versions not
specifically listed above are not affected by these vulnerabilities.

Details
=======

Authenticated privilege escalation via broken access control (CVE-2025-23053)
----------------------------------------------------------------------
A privilege escalation vulnerability exists in the web-based management
interface of HPE Aruba Networking Fabric Composer. Successful exploitation
could allow an authenticated low privilege operator user to change the
state of certain settings of a vulnerable system.

Internal References: ATLAM-19
Severity: Medium
CVSSv3.x Overall Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Discovery:
  This vulnerability was discovered and reported by Colton Bachman of
  HPE Aruba Networking SIRT.

Workaround:
  To minimize the likelihood of an attacker exploiting this
  vulnerability, HPE Aruba Networking recommends that the web-based
  management interfaces be restricted to a dedicated layer 2
  segment/VLAN and/or controlled by firewall policies at layer 3 and
  above.
Authenticated Response Manipulation allows Unauthorized Actions in Management Interface (CVE-2025-23054)
----------------------------------------------------------------------
A vulnerability in the web-based management interface of HPE Aruba
Networking Fabric Composer could allow an authenticated low privilege
operator user to perform operations not allowed by their privilege level.
Successful exploitation could allow an attacker to manipulate user
generated files, potentially leading to unauthorized changes in critical
system configurations.

Internal References: ATLAM-18
Severity: Medium
CVSSv3.x Overall Score: 6.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Discovery:
  This vulnerability was discovered and reported by m0x_noob via HPE
  Aruba Networking's bug bounty program.

Workaround:
  To minimize the likelihood of an attacker exploiting this
  vulnerability, HPE Aruba Networking recommends that the web-based
  management interfaces be restricted to a dedicated layer 2
  segment/VLAN and/or controlled by firewall policies at layer 3 and
  above.

Authenticated Stored Cross-Site Scripting (XSS) Vulnerability in HPE Aruba Networking Fabric Composer Web Management Interface (CVE-2025-23055, CVE-2025-23056, CVE-2025-23057)
----------------------------------------------------------------------
A vulnerability in the web management interface of HPE Aruba Networking
Fabric Composer could allow an authenticated remote attacker to conduct a
stored cross-site scripting (XSS) attack. If successfully exploited, a
threat actor could run arbitrary script code in a victim's web browser
within the context of the compromised interface.

Internal References: ATLAM-15, ATLAM-16, ATLAM-17
Severity: Medium
CVSSv3.x Overall Score: 5.5
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Discovery:
  This vulnerability was discovered and reported by m0x_noob via HPE
  Aruba Networking's bug bounty program.
Workaround:
  To minimize the likelihood of an attacker exploiting this
  vulnerability, HPE Aruba Networking recommends that the web-based
  management interfaces be restricted to a dedicated layer 2
  segment/VLAN and/or controlled by firewall policies at layer 3 and
  above.

Resolution
==========
Upgrade the HPE Aruba Networking Fabric Composer to the following version
to resolve the vulnerabilities described in the Details section:

  - HPE Aruba Networking Fabric Composer 7.x.x: 7.1.1 and above

Software versions with resolution/fixes for the vulnerabilities covered
above can be downloaded from the HPE Networking Support Portal at
https://networkingsupport.hpe.com/downloads;fileTypes=SOFTWARE.

HPE Aruba Networking does not evaluate or patch software branches that
have reached their End of Maintenance (EoM) milestone. For more
information about the HPE Aruba Networking End of Support policy visit:
https://www.hpe.com/psnow/doc/a00143052enw

Workaround
==========
Vulnerability-specific workarounds are listed per vulnerability above.
You may contact HPE Services - Aruba Networking for assistance if needed.

Exploitation and Public Discussion
==================================
HPE Aruba Networking is not aware of any public discussion or exploit
code targeting these specific vulnerabilities as of the release date of
the advisory.

Revision History
================
Revision 1 / 2025-Jan-28 / Initial release

HPE Aruba Networking SIRT Security Procedures
=============================================
Complete information on reporting security vulnerabilities in HPE Aruba
Networking products and obtaining assistance with security incidents is
available at:
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00100637en_us

For reporting *NEW* HPE Aruba Networking security issues, email can be
sent to aruba-sirt(at)hpe.com. For sensitive information we encourage
the use of PGP encryption.
Our public keys can be found at:
https://www.hpe.com/info/psrt-pgp-key

(c) Copyright 2025 by Hewlett Packard Enterprise Development LP.

This advisory may be redistributed freely after the release date given at
the top of the text, provided that the redistributed copies are complete
and unmodified, including all data and version information.