CVE-2025-37124

Summary

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WAN Gateway9.5.0.0 <= 9.5.3.6affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WAN Gateway9.4.0.0 <= 9.4.3.7affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References