CVE-2025-67913

Aruba.it · Aruba HiSpeed Cache

A missing authorization vulnerability in Aruba HiSpeed Cache allows unauthorized users to access restricted functionality due to inadequate Access Control List (ACL) enforcement.

Executive summary

A critical missing authorization vulnerability in Aruba HiSpeed Cache allows unauthorized users to bypass access controls, risking total exposure of restricted application functionality.

Vulnerability

The vulnerability stems from missing authorization checks, allowing users to invoke functions that should be restricted by ACLs, effectively bypassing security constraints on the platform.

Business impact

With a CVSS score of 9.8, this vulnerability presents a critical threat to data integrity and system confidentiality. Unauthorized access to restricted functions can allow attackers to manipulate cache data or access sensitive information, potentially leading to a broader system breach.

Remediation

Immediate Action: Update the Aruba HiSpeed Cache plugin to version 3.0.3 or higher to enforce proper authorization checks.

Proactive Monitoring: Monitor logs for unauthorized calls to sensitive administrative or cache-management functions originating from non-privileged accounts.

Compensating Controls: Deploy a WAF to filter requests and limit access to administrative paths and sensitive API endpoints.

Exploitation status

Public Exploit Available: Not specified

Analyst recommendation

The severity of this issue necessitates an immediate update to the latest patched version. Security teams should verify that all instances of the affected software are updated to remediate the authorization deficiency.