HPE Aruba Networking has issued a critical security alert for its Private 5G Core platform, rushing to patch a cluster of vulnerabilities that could allow attackers to bypass authentication and seize control of the network infrastructure. Discovered by the Communications Security Establishment (CSE), the flaws expose the nerve center of private 5G deployments to unauthorized administrative access, service disruption, and data leakage.
The advisory highlights four specific vulnerabilities affecting versions 1.24.3.0 through 1.24.3.3, with the most severe allowing an unauthenticated stranger to simply create their own admin account.
The most alarming flaw, tracked as CVE-2026-23595 (CVSS 8.8), is an authentication bypass in the application API.
The advisory explains the risk: “An authentication bypass in the application API allows an unauthorized administrative account to be created.”
By exploiting this, a remote attacker—without any prior credentials—could mint a new privileged user. Once inside, they would have free rein to “gain administrative access, modify system configurations, and access or manipulate sensitive data,” effectively handing over the keys to the private 5G kingdom.
Alongside the takeover vulnerability, the CSE researchers found ways to force service restarts and to expose internal account and configuration details.
- Service Sabotage (CVE-2026-23596): This flaw allows unauthenticated attackers to trigger service restarts via the management API. HPE warns that “successful exploitation could allow an attacker to disrupt services and negatively impact system availability,” creating a potential denial-of-service condition for critical networks.
- Information Leak (CVE-2026-23597 & CVE-2026-23598): Two additional bugs allow attackers to peek behind the curtain, accessing details on user accounts, roles, and internal configurations. This intel could let an attacker “gain insight into internal services and workflows, increasing the risk of unauthorized access and elevated privileges when combined with other vulnerabilities”.
HPE Aruba has released version 1.25.1.0 to address these issues. Administrators running the affected 1.24.3.x branch are urged to upgrade immediately to prevent unauthorized actors from turning their private 5G core into a public playground.