CVE-2025-37184

Summary

A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby compromising the integrity of secured access to the system.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN Orchestrator9.5.0 <= 9.6.0affected
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN Orchestrator9.4.0 <= 9.4.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References