CVE-2025-37159

Published: Nov 18, 2025Modified: Dec 4, 2025

7.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Exploitability: 2.1 / Impact: 5.2

Source: NVD

Description

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.

Affected (5)

Products: Hpe: Arubaos Cx

Hpe

1 product

Arubaos Cx

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hpe Arubaos Cx	From 10.10.0000 to 10.10.1170
Hpe Arubaos Cx	From 10.13.0000 to 10.13.1101
Hpe Arubaos Cx	From 10.14.0000 to 10.14.1060
Hpe Arubaos Cx	From 10.15.0000 to 10.15.1030
Hpe Arubaos Cx	From 10.16.0000 to 10.16.1001

Related CWEs

CWE-384

Session Fixation

Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.