← Back

CVE-2025-37143

nvd nist
Published: Oct 14, 2025Modified: Nov 12, 2025

JSON object

Loading...
4.9
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.2 / Impact: 3.6
Source: security-alert@hpe.com (Secondary)

Description

An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.

Affected (5)

Arubanetworks
1 product
Arubaos
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Arubanetworks
Arubaos
From 10.4.0.0 to 10.4.1.9
Arubaos
From 10.7.0.0 to 10.7.2.1
Arubaos
From 8.10.0.0 to 8.10.0.19
Arubaos
From 8.12.0.0 to 8.12.0.6
Arubaos
From 8.13.0.0 to 8.13.1.0

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: security-alert@hpe.com
Vendor Advisory

Timeline

No history available yet.