Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem

Description

A vulnerability has been identified in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem that could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL. Successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page prompting the unsuspecting victim to give away their credentials, which could then be captured by the attacker, before being redirected back to the legitimate login page.

Affected Products

Vendor	Product	Versions
hewlett packard enterpri	aruba networking private 5g core on-prem	1.0.0.0, 1.25.3.1

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw05032en_us&docLocale=en_US

Related News (3 articles)

Tier B

CCCS Canada1d ago

HPE security advisory (AV26-325)

→ No new info (linked only)

Tier B

CERT-FR1d ago

Vulnérabilité dans HPE Aruba Networking Private 5G Core (08 avril 2026)

→ No new info (linked only)

Tier C

VulDB2d ago

CVE-2026-23818 | HPE Private 5G Core up to 1.25.3.0 Graphical User Interface redirect

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited✅ Yes

CWECWE-601

PublishedApr 7, 2026

Last enriched1d agov3

Community Vote

Version History

Last enriched 1d ago

v3Tier B1d ago

Updated affected versions to include 1.25.3.1 and changed exploit availability to false.

affectedVersions

via CERT-FR

v2Tier C2d ago

Updated affected versions to include 1.25.3.0, changed severity to MEDIUM, and noted that no exploit is available.

affectedVersionsseverityactivelyExploited

via VulDB

v12d ago

Initial creation

Open Redirect Vulnerability in HPE Aruba Networking Private 5G Core On-Prem

Description

Affected Products

References

Related News (3 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline

Version History