HPE Aruba ClearPass Policy Mgr: Unencrypted Data Exposure Allowing MITM
CVE-2025-23060 Published on February 4, 2025
Sensitive Data Exposure Vulnerability in HPE Aruba Networking ClearPass Policy Manager (CPPM)
A vulnerability in HPE Aruba Networking ClearPass Policy Manager may, under certain circumstances, expose sensitive unencrypted information. Exploiting this vulnerability could allow an attacker to perform a man-in-the-middle attack, potentially granting unauthorized access to network resources as well as enabling data tampering.
Vulnerability Analysis
CVE-2025-23060 is exploitable with network access and requires user privileges. This vulnerability is considered to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Cleartext Transmission of Sensitive Information
The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. Many communication channels can be "sniffed" by attackers during data transmission. For example, network traffic can often be sniffed by any attacker who has access to a network interface. This significantly lowers the difficulty of exploitation by attackers.
Products Associated with CVE-2025-23060
Affected Versions
Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager:
- Version 6.12.0, <= 6.12.3 is affected.
- Version 6.11.0, <= 6.11.9 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.