CVE-2025-37173

Published: Jan 13, 2026Modified: Jan 23, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: security-alert@hpe.com (Secondary)

Description

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.

Affected (4)

Products: Arubanetworks: Arubaos

Arubanetworks

1 product

Arubaos

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.3.0.0 to 10.4.1.10
Arubanetworks Arubaos	From 10.5.0.0 to 10.7.2.2
Arubanetworks Arubaos	From 6.5.4.0 to 8.10.0.21
Arubanetworks Arubaos	From 8.11.0.0 to 8.13.1.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.