By Mayura Kathir
Publication Date: 2026-02-23 09:13:00
Hewlett Packard Enterprise (HPE) has issued a security bulletin warning customers about a serious vulnerability in its Telco Service Activator product that could allow attackers to remotely bypass access restrictions.
The vulnerability, identified as CVE-2025-12543, has a CVSS base score of 9.6 (critical) and affects versions prior to 10.5.0.
This incorrect input validation could allow attackers to manipulate the server’s handling of HTTP requests, potentially leading to unauthorized access, exposure of sensitive data, or even partial system compromise.
According to the HPE Product Security Response TeamThe issue originates from Undertow’s HTTP server core, which is unable to properly validate the Host header in incoming HTTP requests.
CVE-2025-12543 vulnerability affects HPE Telco Service Activator implementations used by telecommunications providers to automate service provisioning in complex network systems.
| CVE ID | CVSS Score | Description | Affected… |
|---|
