Unauthenticated Reflected Cross-Site Scripting_CVE-2025-37122

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in a victim's browser in the context of the affected interface.

Basic Information

ID CVE-2025-37122

Source hpe

Published Sep 17, 2025 at 19:31

Modified Sep 17, 2025 at 19:42

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking ClearPass Policy Manager

Version 6.12.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager 6.12.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager 6.11.0

CWE Classification

CWE-79

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability in the web-based management interface of network access control services could allow an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack. Successful exploitation could allow an attacker to execute arbitrary JavaScript code in a victim's browser in the context of the affected interface.",
    "published": "2025-09-17T19:31:19.915Z",
    "modified": "2025-09-17T19:42:07.283Z",
    "type": "cve",
    "title": "Unauthenticated Reflected Cross-Site Scripting",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04950en_us&docLocale=en_US",
    "id": "CVE-2025-37122",
    "bulletinFamily": "",
    "cwe": [
        "CWE-79"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager 6.12.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking ClearPass Policy Manager 6.11.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking ClearPass Policy Manager",
    "version": "6.12.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}