CVE-2025-37155

Summary

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.16.0000 <= 10.16.1000affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.15.0000 <= 10.15.1020affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.14.0000 <= 10.14.1050affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.13.0000 <= 10.13.1090affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.10.0000 <= 10.10.1160affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References