CVE-2025-23052

HighRCE

Published: 14 January 2025

Published

14 January 2025

Modified

15 April 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0067 71.4th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-23052 is a high-severity Command Injection (CWE-77) vulnerability in Hpe (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-10 Information Input Validation good match

prevent

Requires validation of CLI inputs to prevent command injection by rejecting malformed or malicious command strings.

SI-2 Flaw Remediation good match

prevent

Directly addresses the CVE by requiring timely application of vendor patches to remediate the command injection flaw in the network management service CLI.

AC-6 Least Privilege partial match

prevent

Enforces least privilege to minimize the privileges available to authenticated high-privilege users, limiting the scope of arbitrary command execution.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059.008 Network Device CLI Execution

Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.

attack.mitre.org →

Why these techniques?

Authenticated command injection in network management service CLI directly enables RCE via public-facing app exploitation (T1190) and arbitrary command execution through network device/management CLI (T1059.008).

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system.

Deeper analysisAI

CVE-2025-23052, published on 2025-01-14, is an authenticated command injection vulnerability (CWE-77) in the command line interface of a network management service. It carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for significant impact on confidentiality, integrity, and availability. The vulnerability affects the CLI component, where improper input handling allows injection of malicious commands.

Exploitation requires high privileges (PR:H), meaning an authenticated attacker with administrative access to the network management service can leverage the CLI to execute arbitrary commands. Successful attacks enable remote code execution as a privileged user on the underlying operating system, potentially leading to full system compromise, data exfiltration, or further lateral movement within the network.

The HPE security bulletin at https://support.hpesc/public/docDisplay?docId=hpesbnw04723en_us&docLocale=en_US provides details on affected products, exploitation status, and recommended mitigations or patches. Security practitioners should consult this advisory for version-specific remediation steps.