CVE-2025-37132

Summary

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.7.0.0 <= 10.7.1.1affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.4.0.0 <= 10.4.1.8affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.13.0.0 <= 8.13.0.1affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.12.0.0 <= 8.12.0.5affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.10.0.0 <= 8.10.0.18affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References