CVE-2025-37157

Summary

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)HPE Aruba Networkign AOS-CX10.16.0000 <= 10.16.1000affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networkign AOS-CX10.15.0000 <= 10.15.1020affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networkign AOS-CX10.14.0000 <= 10.14.1050affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networkign AOS-CX10.13.0000 <= 10.13.1090affected
Hewlett Packard Enterprise (HPE)HPE Aruba Networkign AOS-CX10.10.0000 <= 10.10.1160affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References