CVE-2025-37160

Published: Nov 18, 2025Modified: Dec 4, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

Affected (5)

Products: Hpe: Arubaos Cx

Hpe

1 product

Arubaos Cx

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Hpe Arubaos Cx	From 10.10.0000 to 10.10.1170
Hpe Arubaos Cx	From 10.13.0000 to 10.13.1101
Hpe Arubaos Cx	From 10.14.0000 to 10.14.1060
Hpe Arubaos Cx	From 10.15.0000 to 10.15.1030
Hpe Arubaos Cx	From 10.16.0000 to 10.16.1001

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.