CVE-2025-37156

Summary

A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.16.0000 <= 10.16.1000affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.15.0000 <= 10.15.1020affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.14.0000 <= 10.14.1050affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.13.0000 <= 10.13.1090affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networking AOS-CX10.10.0000 <= 10.10.1160affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References