CVE-2025-37131

Summary

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WAN Gateway9.5.0.0 <= 9.5.3.6affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking EdgeConnect SD-WAN Gateway9.4.0.0 <= 9.4.3.7affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References