Search criteria
2 vulnerabilities found for HPE Aruba Networking Private 5G Core by Hewlett Packard Enterprise (HPE)
CVE-2025-37100 (GCVE-0-2025-37100)
Vulnerability from nvd – Published: 2025-06-10 15:05 – Updated: 2025-06-10 15:19
VLAI?
Title
Exposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G Core
Summary
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users.
A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Private 5G Core |
Affected:
1.24.1.0 , ≤ 1.25.1.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:17:03.216946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:19:27.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking Private 5G Core",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "1.25.1.0",
"status": "affected",
"version": "1.24.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the APIs of HPE Aruba Networking Private 5G Core\u0026nbsp;could potentially expose sensitive information to unauthorized users. \u003cbr\u003eA successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information."
}
],
"value": "A vulnerability in the APIs of HPE Aruba Networking Private 5G Core\u00a0could potentially expose sensitive information to unauthorized users. \nA successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:05:55.025Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04883en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04883",
"discovery": "INTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G Core",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37100",
"datePublished": "2025-06-10T15:05:55.025Z",
"dateReserved": "2025-04-16T01:28:25.363Z",
"dateUpdated": "2025-06-10T15:19:27.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-37100 (GCVE-0-2025-37100)
Vulnerability from cvelistv5 – Published: 2025-06-10 15:05 – Updated: 2025-06-10 15:19
VLAI?
Title
Exposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G Core
Summary
A vulnerability in the APIs of HPE Aruba Networking Private 5G Core could potentially expose sensitive information to unauthorized users.
A successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.
Severity ?
7.7 (High)
CWE
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Private 5G Core |
Affected:
1.24.1.0 , ≤ 1.25.1.0
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37100",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T15:17:03.216946Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-922",
"description": "CWE-922 Insecure Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:19:27.298Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE Aruba Networking Private 5G Core",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "1.25.1.0",
"status": "affected",
"version": "1.24.1.0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A vulnerability in the APIs of HPE Aruba Networking Private 5G Core\u0026nbsp;could potentially expose sensitive information to unauthorized users. \u003cbr\u003eA successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information."
}
],
"value": "A vulnerability in the APIs of HPE Aruba Networking Private 5G Core\u00a0could potentially expose sensitive information to unauthorized users. \nA successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T15:05:55.025Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04883en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04883",
"discovery": "INTERNAL"
},
"title": "Exposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G Core",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37100",
"datePublished": "2025-06-10T15:05:55.025Z",
"dateReserved": "2025-04-16T01:28:25.363Z",
"dateUpdated": "2025-06-10T15:19:27.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}