CVE-2025-27078

Summary

A vulnerability in a system binary of AOS-8 Instant and AOS-10 AP could allow an authenticated remote attacker to inject commands into the underlying operating system while using the CLI. Successful exploitation could lead to complete system compromise.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)AOS-10 AP10.7.0.0 <= 10.7.0.1affected
Hewlett Packard Enterprise (HPE)AOS-10 AP10.4.0.0 <= 10.4.1.5affected
Hewlett Packard Enterprise (HPE)AOS-10 AP8.12.0.0 <= 8.12.0.3affected
Hewlett Packard Enterprise (HPE)AOS-10 AP8.10.0.0 <= 8.10.0.15affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References