CVE-2025-37156

Published: Nov 18, 2025Modified: Dec 4, 2025

6.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

Exploitability: 2.3 / Impact: 4.0

Source: NVD

Description

A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.

Affected (5)

Products: Hpe: Arubaos Cx

Hpe

1 product

Arubaos Cx

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hpe Arubaos Cx	From 10.10.0000 to 10.10.1170
Hpe Arubaos Cx	From 10.13.0000 to 10.13.1101
Hpe Arubaos Cx	From 10.14.0000 to 10.14.1060
Hpe Arubaos Cx	From 10.15.0000 to 10.15.1030
Hpe Arubaos Cx	From 10.16.0000 to 10.16.1001

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.