CVE-2025-37155

Published: Nov 18, 2025Modified: Dec 4, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: security-alert@hpe.com (Secondary)

Description

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.

Affected (5)

Products: Hpe: Arubaos Cx

Hpe

1 product

Arubaos Cx

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hpe Arubaos Cx	From 10.10.0000 to 10.10.1170
Hpe Arubaos Cx	From 10.13.0000 to 10.13.1101
Hpe Arubaos Cx	From 10.14.0000 to 10.14.1060
Hpe Arubaos Cx	From 10.15.0000 to 10.15.1030
Hpe Arubaos Cx	From 10.16.0000 to 10.16.1001

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.