CVE-2025-27083

Summary

Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS10.7.0.0 <= 10.7.1.0affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS10.4.0.0 <= 10.4.1.6affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.12.0.0 <= 8.12.0.3affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS8.10.0.0 <= 8.10.0.15affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References