HPE Aruba Networking has issued an important software update to address a high-severity security flaw in its Private 5G Core On-Prem Platform. The vulnerability, tracked as CVE-2026-23818, could allow malicious actors to deceive authenticated users and harvest sensitive credentials through a sophisticated phishing attack.
The vulnerability is rooted in the platform’s graphical user interface (GUI). According to the advisory, the flaw “could allow an attacker to abuse an open redirect vulnerability in the login flow using a crafted URL”.
In a typical attack scenario, a user might receive a seemingly legitimate link that appears to point to their organization’s internal 5G management portal. However, according to the advisory, “successful exploitation may redirect an authenticated user to an attacker-controlled server hosting a spoofed login page”.
Once the victim is lured to the fraudulent page, they are prompted to enter their username and password. These credentials “could then be captured by the attacker” before the unsuspecting user is “redirected back to the legitimate login page”. Because the final destination is the real portal, many victims may never realize their security has been compromised.
With a CVSS score of 8.8, this vulnerability is considered a High risk due to the ease with which it can be integrated into broader social engineering campaigns.
The security flaw affects on-premises deployments of the Private 5G Core infrastructure.
- Affected Product: HPE Aruba Networking Private 5G Core On-Prem.
- Affected Versions: All software versions 1.25.3.0 and below.
HPE Aruba Networking has stated it is “not aware of any public discussion or exploit code targeting these specific vulnerabilities” as of the release date. However, administrators are urged to take the following steps to secure their environments:
- Upgrade Immediately: To resolve the issue, organizations should “upgrade the software to the following version: HPE Aruba Networking Private 5G Core 1.25.3.1 and above”.
- Network Isolation: As a temporary workaround, HPE recommends that “CLI and web-based management interfaces be restricted to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above”.
- Enhance Monitoring: Implement “accounting controls for tracking and logging user activities and resource usage” to detect potential credential abuse.
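
To support the monitoring step, the sketch below scans proxy or mail-gateway URL logs for links that go through the portal login but carry a destination on another host. It is an added example, not HPE's code: the log format, the portal hostname and the `next` parameter name are assumptions, and because the quoted advisory text does not name the parameter, every query value is inspected.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: placeholder hostname for your own management portal.
PORTAL_HOSTS = {"p5g-core.example.internal"}

# Constructed sample lines: "<timestamp> <user> <url>" (hypothetical format).
SAMPLE_LOG = """\
2026-01-10T09:14:02Z alice https://p5g-core.example.internal/login?next=/dashboard
2026-01-10T09:15:40Z bob https://p5g-core.example.internal/login?next=https%3A%2F%2Fportal-login.example.net%2Fsignin
2026-01-10T09:16:11Z carol https://p5g-core.example.internal/login?next=%2F%2Fportal-login.example.net
2026-01-10T09:17:30Z dave https://p5g-core.example.internal/login?next=https://p5g-core.example.internal/home
"""

def external_redirect_target(url, allowed_hosts=PORTAL_HOSTS):
    """Return the off-portal host named in a portal URL's query, else None."""
    try:
        outer = urlsplit(url)
        if (outer.hostname or "").lower() not in allowed_hosts:
            return None  # not a link to the portal; out of scope here
        for _name, value in parse_qsl(outer.query, keep_blank_values=True):
            # parse_qsl decoded once; undo a second layer of percent-encoding.
            candidate = unquote(value).strip().replace("\\", "/")
            # Browsers treat scheme-relative "//host/path" as an absolute URL.
            if candidate.startswith("//"):
                candidate = "https:" + candidate
            inner = urlsplit(candidate)
            host = (inner.hostname or "").lower()
            if inner.scheme in ("http", "https") and host not in allowed_hosts:
                return host
    except ValueError:
        return None  # malformed URL (e.g. a broken IPv6 literal)
    return None

def scan(log_text):
    """Return (timestamp, user, external_host) for each suspicious line."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split(maxsplit=2)
        if len(fields) != 3:
            continue
        ts, user, url = fields
        host = external_redirect_target(url)
        if host:
            hits.append((ts, user, host))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Users flagged this way are candidates for a password reset and a review of their subsequent portal activity in the accounting logs.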