CVE-2025-37158

Description

A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

None

Affected products

Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS-CX10.16.0000 – 10.16.1000
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS-CX10.15.0000 – 10.15.1020
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS-CX10.14.0000 – 10.14.1050
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS-CX10.13.0000 – 10.13.1090
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking AOS-CX10.10.0000 – 10.10.1160

References

MISChttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US