What is the severity of CVE-2025-25040?

CVE-2025-25040 is classified as a high severity vulnerability affecting specific versions of HPE AOS-CX software.

How do I fix CVE-2025-25040?

To fix CVE-2025-25040, upgrade to HPE AOS-CX versions higher than 10.15.1000 or later patches in the 10.14.xxxx series.

Which devices are impacted by CVE-2025-25040?

CVE-2025-25040 specifically impacts the HPE Aruba Networking CX 9300 Switch Series running affected versions of AOS-CX software.

What components of the HPE AOS-CX software are vulnerable due to CVE-2025-25040?

CVE-2025-25040 affects the port ACL functionality within the HPE AOS-CX software.

What actions should I take if I am using an affected version of AOS-CX software?

If using an affected version, it is critical to immediately plan and implement an upgrade to mitigate the risk posed by CVE-2025-25040.

Vulnerability/
CVE-2025-25040

low

3.3

CWE

863

18/3/2025

CVE-2025-25040: Failure to Properly Enforce Port ACLs on CPU generated packets in CX 9300 Switches

First published: Tue Mar 18 2025(Updated: )

A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability.

Credit: security-alert@hpe.com

Affected Software	Affected Version	How to fix
HPE AOS-CX	>=10.14.0<10.15.0<=10.15.1000

Never miss a vulnerability like this again

Reference Links

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04818en_us&docLocale=en_US

Frequently Asked Questions

What is the severity of CVE-2025-25040?
CVE-2025-25040 is classified as a high severity vulnerability affecting specific versions of HPE AOS-CX software.
How do I fix CVE-2025-25040?
To fix CVE-2025-25040, upgrade to HPE AOS-CX versions higher than 10.15.1000 or later patches in the 10.14.xxxx series.
Which devices are impacted by CVE-2025-25040?
CVE-2025-25040 specifically impacts the HPE Aruba Networking CX 9300 Switch Series running affected versions of AOS-CX software.
What components of the HPE AOS-CX software are vulnerable due to CVE-2025-25040?
CVE-2025-25040 affects the port ACL functionality within the HPE AOS-CX software.
What actions should I take if I am using an affected version of AOS-CX software?
If using an affected version, it is critical to immediately plan and implement an upgrade to mitigate the risk posed by CVE-2025-25040.

collector/mitre-cve
source/MITRE
agent/title
agent/references
agent/first-publish-date
agent/type
agent/description
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/severity
agent/author
agent/source
agent/tags
collector/nvd-api
source/NVD
agent/last-modified-date
agent/weakness
agent/event
vendor/hpe
canonical/hpe aos-cx

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.