Summary
HPE patched a critical access bypass vulnerability (CVE-2025-12543) in its Telco Service Activator that allows unauthenticated attackers to hijack sessions or disrupt telecom services by exploiting improper Host header validation.
Take Action:
If you are using Telco Service Activator, make sure it's isolated from the internet and accessible from trusted networks only. Then plan an update to version 10.5.0 ASAP. Coordinate the patch window with your support teams to manage any potential service disruptions that could impact your customers' experience.
Read the full article on BeyondMachines
This article was originally published on BeyondMachines
Top comments (0)