← Back

CVE-2025-37137

nvd nist
Published: Oct 14, 2025Modified: Nov 12, 2025

JSON object

Loading...
6.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Exploitability: 1.2 / Impact: 5.2
Source: security-alert@hpe.com (Secondary)

Description

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

Affected (5)

Arubanetworks
1 product
Arubaos
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Arubanetworks
Arubaos
From 10.4.0.0 to 10.4.1.9
Arubaos
From 10.7.0.0 to 10.7.2.1
Arubaos
From 8.10.0.0 to 8.10.0.19
Arubaos
From 8.12.0.0 to 8.12.0.6
Arubaos
From 8.13.0.0 to 8.13.1.0

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: security-alert@hpe.com
Vendor Advisory

Timeline

No history available yet.