CVE-2025-27082

Published: Apr 8, 2025Modified: Nov 12, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: security-alert@hpe.com (Secondary)

Description

Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.

Affected (4)

Products: Arubanetworks: Arubaos

Arubanetworks

1 product

Arubaos

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.4.0.0 to 10.4.1.7
Arubanetworks Arubaos	From 10.7.0.0 to 10.7.1.1
Arubanetworks Arubaos	From 8.10.0.0 to 8.10.0.16
Arubanetworks Arubaos	From 8.12.0.0 to 8.12.0.4

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04845en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.