CVE-2025-37143

Summary

An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.7.0.0 <= 10.7.1.1affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.4.0.0 <= 10.4.1.8affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.13.0.0 <= 8.13.0.1affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.12.0.0 <= 8.12.0.5affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.10.0.0 <= 8.10.0.18affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References