Platform
aruba
Component
private-5g-core
Fixed in
1.25.4
A high-severity vulnerability has been discovered in the graphical user interface (GUI) of HPE Aruba Networking Private 5G Core On-Prem. It is an open redirect: an attacker can craft a URL that points at the legitimate GUI but, once the user has authenticated, sends the browser on to an attacker-controlled server. Successful exploitation could lead to credential theft and further compromise. The vulnerability affects versions 1.0.0 through 1.25.3.0; a fix is available in version 1.25.4.
The primary impact of this open redirect is credential theft. The attacker sends a link to the real HPE Aruba Networking Private 5G Core login page that carries a redirect target under the attacker's control. The user authenticates against the genuine system, and the GUI then forwards the browser to a page built to mimic the login page (for example, a "session expired, please sign in again" prompt). Because the address bar showed the legitimate host a moment earlier, the user may re-enter their credentials on the spoofed page, where the attacker captures them. Stolen credentials can then be used to gain unauthorized access to the Private 5G Core system and potentially other connected resources. Every user who authenticates through the vulnerable GUI is in scope, and captured administrator credentials could support lateral movement within the network.
This vulnerability was publicly disclosed on 2026-04-07. There is currently no indication of active exploitation in the wild, and it is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Open redirects are, however, trivial to exploit once the redirect parameter is known, and the public disclosure means that knowledge is now available to attackers; combined with the credential-theft outcome, this makes the issue a high priority to address.
Exploit Status
EPSS: 0.04% (12th percentile)
The recommended mitigation is to upgrade HPE Aruba Networking Private 5G Core On-Prem to version 1.25.4 or later as soon as possible. If upgrading is not immediately feasible, consider temporary workarounds. Restrict who can reach the GUI at the network perimeter; a 5G core management interface should not be reachable from untrusted networks, and an attacker's link only works if the victim's browser can reach it. Where a Web Application Firewall (WAF) or reverse proxy fronts the GUI, add a rule that rejects login requests whose redirect parameter carries an absolute URL, a protocol-relative `//host` target, or a backslash-prefixed path that points off the GUI's own host; URL filtering on the egress proxy used by administrator workstations can additionally block the follow-on request to the attacker's domain. Review the GUI's web access logs (authentication logs alone will not show redirect targets) for login requests carrying external redirect targets, and treat any hit as a phishing attempt against the user it was sent to. Enforce multi-factor authentication (MFA) so that a captured password is not enough on its own; note that a phishing page can relay a one-time code in real time, so MFA reduces rather than removes the risk, and phishing-resistant factors are preferable. After upgrading, confirm the fix by requesting the login page with a redirect target pointing at a host you control: the GUI should now ignore the target or send you to a safe location on its own host. The advisory does not name the affected parameter, so use the parameter name your deployment's login URL actually carries.
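The following is an added example, not code from HPE Aruba Networking or the Private 5G Core product. It shows the hardened form of the post-login redirect handling whose absence enables the attack described above, plus the kind of access-log sweep the workaround guidance suggests. The parameter names `next`, `redirect` and `return_url`, the host `gui.example.internal`, the attacker hosts and the log lines are all constructed assumptions; the advisory names neither the vulnerable parameter nor the GUI's log format.

```python
"""Added example, not code from HPE Aruba Networking or the Private 5G Core
product: a hardened post-login redirect check and an access-log sweep for abuse.
Parameter names, hostnames and log lines below are constructed assumptions."""
import re
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Hypothetical redirect parameter names; the advisory does not name the real one.
REDIRECT_PARAMS = ("next", "redirect", "return_url")


def is_safe_redirect(target: str, allowed_hosts: frozenset) -> bool:
    """True only if target is a site-relative path or an http(s) URL on an allowed host.

    Rejects the usual open-redirect bypasses: protocol-relative '//host',
    triple-slash '///host', backslash variants '/\\host', percent-encoded slashes,
    non-http schemes such as javascript:, 'https:/host' with a missing slash,
    userinfo tricks 'trusted@evil', and control characters.
    allowed_hosts must contain lowercase hostnames without ports.
    """
    if not target:
        return False
    # Decode once so '%2F%2Fhost' is seen as '//host' (browsers decode it too);
    # anything still percent-encoded after one pass is simply not a '/' path below.
    t = unquote(target).strip()
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in t):
        return False
    # Browsers treat backslash as a path separator, so '/\\host' becomes '//host'.
    t = t.replace("\\", "/")
    try:
        parts = urlsplit(t)
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return False
    if parts.scheme:
        # Any scheme at all means an absolute URL: it must be http(s) on an allowed host.
        if parts.scheme.lower() not in ("http", "https"):
            return False
        return (parts.hostname or "") in allowed_hosts
    if parts.netloc:
        # No scheme but a netloc: a protocol-relative '//host/...' target.
        return (parts.hostname or "") in allowed_hosts
    # Plain path: exactly one leading '/'. Browsers resolve '///host' as an
    # authority, and a bare 'foo' is resolved relative to the current page.
    return t.startswith("/") and not t.startswith("//")


def post_login_target(next_param: Optional[str], allowed_hosts: frozenset,
                      default: str = "/") -> str:
    """Hardened replacement for the classic bug `redirect(request.args['next'])`:
    fall back to a fixed in-app landing page whenever the target is not safe."""
    if next_param is not None and is_safe_redirect(next_param, allowed_hosts):
        return next_param
    return default


# Common-log-format line; the real GUI's format is an assumption here.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)


def find_external_redirect_requests(log_text: str, allowed_hosts: frozenset) -> list:
    """Return login requests whose redirect parameter points off the allowed hosts.
    Each hit records the client IP, timestamp, parameter name and raw target so the
    recipient can be warned that they were sent a phishing link."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        # parse_qs decodes the query string once, exactly as the server would.
        qs = parse_qs(urlsplit(m["path"]).query, keep_blank_values=True)
        for param in REDIRECT_PARAMS:
            for value in qs.get(param, []):
                if not is_safe_redirect(value, allowed_hosts):
                    hits.append({"ip": m["ip"], "ts": m["ts"], "param": param,
                                 "target": value, "status": int(m["status"])})
    return hits


# Constructed sample log: two benign login requests, two carrying external targets,
# and one unrelated API call.
SAMPLE_LOG = """\
10.0.0.5 - - [07/Apr/2026:10:01:02 +0000] "GET /login?next=/dashboard HTTP/1.1" 200 1532
198.51.100.7 - - [07/Apr/2026:10:02:15 +0000] "GET /login?next=https://gui.example.internal/dashboard HTTP/1.1" 200 1532
198.51.100.7 - - [07/Apr/2026:10:02:40 +0000] "GET /login?next=https://gui.example.internal.attacker.example/login HTTP/1.1" 200 1532
198.51.100.7 - - [07/Apr/2026:10:03:01 +0000] "GET /login?next=%2F%2Fattacker.example%2Flogin HTTP/1.1" 200 1532
10.0.0.9 - - [07/Apr/2026:10:04:11 +0000] "POST /api/session HTTP/1.1" 200 88
"""

if __name__ == "__main__":
    allowed = frozenset({"gui.example.internal"})
    for hit in find_external_redirect_requests(SAMPLE_LOG, allowed):
        print(f"{hit['ts']} {hit['ip']} {hit['param']}={hit['target']!r}")
```

The validator is deliberately allow-list based: it accepts only a single-slash relative path or an http(s) URL whose parsed hostname is on the list, and anything it cannot positively classify is rejected. That is also the property to check after upgrading: a request whose redirect target is an external host should land on the GUI's own default page.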
Apply the security update provided by HPE Aruba Networking to version 1.25.4 or later to mitigate the open redirect vulnerability. Refer to HPE documentation for detailed instructions on how to apply the update.
CVE-2026-23818 is a high-severity open redirect vulnerability in HPE Aruba Networking Private 5G Core that lets an attacker redirect authenticated users to malicious sites and potentially steal their credentials.
If you are using HPE Aruba Networking Private 5G Core versions 1.0.0–1.25.3.0, you are potentially affected by this vulnerability.
Upgrade to HPE Aruba Networking Private 5G Core version 1.25.4 or later to remediate the vulnerability. Implement temporary workarounds like URL filtering and WAF rules if immediate upgrade is not possible.
There is currently no indication of active exploitation, but the vulnerability's ease of exploitation warrants immediate attention and mitigation.
Refer to the official HPE security advisory for detailed information and mitigation guidance: [https://arubanetworks.com/support/security/advisories/arp-sa-0001]