How severe is CVE-2025-25040?

This vulnerability has a severity rating of LOW with a CVSS score of 3.3 out of 10.

What type of vulnerability is CVE-2025-25040?

This is classified as CWE-863, which is a common weakness in software security.

CVE-2025-25040 - LOW Severity | CVSS 3.3

Vulnerability Description

A vulnerability has been identified in the port ACL functionality of AOS-CX software running on the HPE Aruba Networking CX 9300 Switch Series only and affects: - AOS-CX 10.14.xxxx : All patches - AOS-CX 10.15.xxxx : 10.15.1000 and below The vulnerability is specific to traffic originated by the CX 9300 switch platform and could allow an attacker to bypass ACL rules applied to routed ports on egress. As a result, port ACLs are not correctly enforced, which could lead to unauthorized traffic flow and violations of security policies. Egress VLAN ACLs and Routed VLAN ACLs are not affected by this vulnerability.

Related Vulnerabilities

CVE-2018-10910

LOW

CVSS:3.3(Low)

A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain Bl...

CWE-8632018

CVE-2018-7957

LOW

CVSS:3.3(Low)

Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an information leakage vulnerability. Because an interface does not verify authorization correctly, attackers can exploit an applica...

CWE-8632018

CVE-2019-9364

LOW

CVSS:3.3(Low)

In AudioService, there is a possible trigger of background user audio due to a permissions bypass. This could lead to local information disclosure by playing the background user's audio with no additi...

CWE-8632019

CVE-2020-0481

LOW

CVSS:3.3(Low)

In AndroidManifest.xml, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a non-system app to send a broadcast it shouldn't have permissions to send, wi...

CWE-8632020

CVE-2022-20558

LOW

CVSS:3.3(Low)

In registerReceivers of DeviceCapabilityListener.java, there is a possible way to change preferred TTY mode due to a permissions bypass. This could lead to local escalation of privilege with no additi...

CWE-8632022

CVE-2022-33718

LOW

CVSS:3.3(Low)

An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.

CWE-8632022