CVE-2025-37185

Summary

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attacks against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface and thereby make unauthorized arbitrary configuration changes to the host.

Affected Software

VendorProductVersion RangeStatus
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN Orchestrator9.5.0 <= 9.6.0affected
Hewlett Packard Enterprise (HPE)EdgeConnect SD-WAN Orchestrator9.4.0 <= 9.4.4affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References