CVE-2025-37175

Published: Jan 13, 2026Modified: Jan 23, 2026

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: security-alert@hpe.com (Secondary)

Description

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.

Affected (4)

Products: Arubanetworks: Arubaos

Arubanetworks

1 product

Arubaos

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Arubanetworks Arubaos	From 10.3.0.0 to 10.4.1.10
Arubanetworks Arubaos	From 10.5.0.0 to 10.7.2.2
Arubanetworks Arubaos	From 6.5.4.0 to 8.10.0.21
Arubanetworks Arubaos	From 8.11.0.0 to 8.13.1.1

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US

Source: security-alert@hpe.com

Vendor Advisory

Timeline

No history available yet.