Access management: HPE Aruba Networking CPPM is vulnerable
Network admins should update HPE Aruba Networking ClearPass Policy Manager for security reasons.
Attackers can exploit five vulnerabilities in HPE Aruba Networking ClearPass Policy Manager (CPPM) and, in the worst case, compromise systems. Security updates are available for download.
CPPM is an access management solution that allows admins to control and monitor network access.
The vulnerabilities
In a security advisory, the HPE developers provide further information on the patched vulnerabilities (CVE-2025-23058 “high”, CVE-2024-7348 “high”, CVE-2025-23059 “medium”, CVE-2025-23060 “medium”, CVE-2025-25039 “medium”).
If attacks are successful, attackers can, for example, gain higher user rights and execute certain functions with admin rights. Attackers can also view sensitive data. It is not yet clear how attacks could actually take place.
HPE states that versions up to and including 6.11.9 and 6.12.3 are at risk. The vulnerabilities are also said to affect versions that are no longer in support. In that case, admins must upgrade to a version that is still supported.
To protect systems, admins must install version 6.11.10 or 6.12.4. So far, there are no reports of ongoing attacks. Unfortunately, HPE does not list any indicators by which admins can recognize systems that have already been attacked.
(des)