CVE-2025-37173

Summary

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.6.0.0 <= 10.7.2.1affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.3.0.0 <= 10.4.1.9affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.12.0.0 <= 8.13.1.0affected
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)8.10.0.0 <= 8.10.0.20affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References