CVE-2024-25616

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.

Published: Mar 5, 2024
Updated: Jul 29, 2025
CVE: CVE-2024-25616
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 3.7
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arubanetworks / arubaos	10.4.0.0	10.4.1.0
arubanetworks / arubaos	10.5.0.0	10.5.1.0
arubanetworks / arubaos	8.10.0.0	8.10.0.10
arubanetworks / arubaos	8.11.0.0	8.11.2.1

https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt

Vulnerability Database

CVE-2024-25616