Malicious code can get onto HPE Aruba Networking AOS Controllers and Gateways
Network technology from HPE Aruba is vulnerable. Current updates close a total of two security gaps.
(Image: Photon photo/Shutterstock.com)
Attackers can attack networks with HPE Aruba controllers and gateways. If attacks are successful, malware can get onto systems.
According to a warning message, the products Mobility Conductor, Mobility Controllers and WLAN and SD-WAN Gateways with software versions up to and including AOS 8.10.0.14, 8.12.0.2 and 10.4.1.4 are specifically at risk.
The developers warn that other versions are also at risk, but are no longer supported. Devices equipped with these versions remain vulnerable. To continue receiving security updates, an upgrade to a current version is required.
Networks at risk
One vulnerability (CVE-2025-23051"high") affects the web-based management interface. Attackers can overwrite system data here. The second vulnerability affects the CLI interface (CVE-2025-23052"high"). At this point, attackers can execute their own commands in the operating system. It is currently not known how attacks can take place and whether there are already attacks.
Videos by heise
To protect networks against these attacks, admins must install AOS 8.10.0.15, 8.12.0.3, 10.4.1.5 or 10.7.0.0.
(des)
