CVE-2025-37132

Published: Oct 14, 2025Modified: Nov 12, 2025

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: security-alert@hpe.com (Secondary)

Description

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.

Affected (5)

Products: Arubanetworks: Arubaos

Arubanetworks

1 product

Arubaos

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.4.0.0 to 10.4.1.9
Arubanetworks Arubaos	From 10.7.0.0 to 10.7.2.1
Arubanetworks Arubaos	From 8.10.0.0 to 8.10.0.19
Arubanetworks Arubaos	From 8.12.0.0 to 8.12.0.6
Arubanetworks Arubaos	From 8.13.0.0 to 8.13.1.0

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.