Vulnerability Details CVE-2025-27084
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.1%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2025-27084
-
cpe:2.3:o:arubanetworks:arubaos:10.4.0.0
-
cpe:2.3:o:arubanetworks:arubaos:10.4.0.1
-
cpe:2.3:o:arubanetworks:arubaos:10.4.0.2
-
cpe:2.3:o:arubanetworks:arubaos:10.4.0.3
-
cpe:2.3:o:arubanetworks:arubaos:10.4.1.0
-
cpe:2.3:o:arubanetworks:arubaos:10.4.1.1
-
cpe:2.3:o:arubanetworks:arubaos:10.4.1.2
-
cpe:2.3:o:arubanetworks:arubaos:10.4.1.3
-
cpe:2.3:o:arubanetworks:arubaos:10.4.1.4
-
cpe:2.3:o:arubanetworks:arubaos:10.7.0.0
-
cpe:2.3:o:arubanetworks:arubaos:10.7.0.1
-
cpe:2.3:o:arubanetworks:arubaos:10.7.0.2
-
cpe:2.3:o:arubanetworks:arubaos:10.7.1.0
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.0
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.1
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.10
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.11
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.12
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.13
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.14
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.15
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.2
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.3
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.4
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.5
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.6
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.7
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.8
-
cpe:2.3:o:arubanetworks:arubaos:8.10.0.9
-
cpe:2.3:o:arubanetworks:arubaos:8.12.0.0
-
cpe:2.3:o:arubanetworks:arubaos:8.12.0.1
-
cpe:2.3:o:arubanetworks:arubaos:8.12.0.2
-
cpe:2.3:o:arubanetworks:arubaos:8.12.0.3