12 vulnerabilities found for Hewlett Packard Enterprise (HPE)
CVE-2025-37164 (GCVE-0-2025-37164)
Vulnerability from cvelistv5
Published
2025-12-16 16:30
Modified
2025-12-23 11:55
Summary
A remote code execution issue exists in HPE OneView.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE OneView | Version: 0 ≤ version < 11.00 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37164",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-23T11:54:52.576542Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-23T11:55:17.174Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us\u0026docLocale=en_US#vulnerability-summary-1"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/hpe_oneview_rce.rb"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "HPE OneView",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThan": "11.00",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A remote code execution issue exists in HPE OneView."
}
],
"value": "A remote code execution issue exists in HPE OneView."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T17:55:28.209Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn4985en_us\u0026docLocale=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37164",
"datePublished": "2025-12-16T16:30:34.524Z",
"dateReserved": "2025-04-16T01:28:25.375Z",
"dateUpdated": "2025-12-23T11:55:17.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37162 (GCVE-0-2025-37162)
Vulnerability from cvelistv5
Published
2025-11-18 19:23
Modified
2025-11-19 14:39
Summary
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking 100 Series Cellular Bridge | Version: 10.7.0.0 ≤ 10.7.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37162",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:39:43.397325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:39:46.998Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking 100 Series Cellular Bridge",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.7.1.1",
"status": "affected",
"version": "10.7.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicholas Starke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.\u003c/p\u003e"
}
],
"value": "A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T19:23:20.504Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04970",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37162",
"datePublished": "2025-11-18T19:23:20.504Z",
"dateReserved": "2025-04-16T01:28:25.375Z",
"dateUpdated": "2025-11-19T14:39:46.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37161 (GCVE-0-2025-37161)
Vulnerability from cvelistv5
Published
2025-11-18 19:21
Modified
2025-11-19 14:36
Summary
A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking 100 Series Cellular Bridge | Version: 10.7.0.0 ≤ 10.7.1.1 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T14:36:12.582281Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T14:36:15.968Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking 100 Series Cellular Bridge",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.7.1.1",
"status": "affected",
"version": "10.7.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicholas Starke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations.\u003c/p\u003e"
}
],
"value": "A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T19:21:23.220Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04970",
"discovery": "INTERNAL"
},
"title": "Unauthenticated Remote Denial-of-Service (DoS) Vulnerability in Web Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37161",
"datePublished": "2025-11-18T19:21:23.220Z",
"dateReserved": "2025-04-16T01:28:25.375Z",
"dateUpdated": "2025-11-19T14:36:15.968Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37163 (GCVE-0-2025-37163)
Vulnerability from cvelistv5
Published
2025-11-18 19:06
Modified
2025-12-01 15:34
Summary
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking Management Software (Airwave) | Version: 8.3.0.0 ≤ 8.3.0.4 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37163",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T04:55:39.017173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:34:50.072Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking Management Software (Airwave)",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "8.3.0.4",
"status": "affected",
"version": "8.3.0.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Michael \u0027Smolli\u0027 Smolinski"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T19:06:55.129Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04971",
"discovery": "EXTERNAL"
},
"title": "Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave) CLI",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37163",
"datePublished": "2025-11-18T19:06:11.180Z",
"dateReserved": "2025-04-16T01:28:25.375Z",
"dateUpdated": "2025-12-01T15:34:50.072Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37160 (GCVE-0-2025-37160)
Vulnerability from cvelistv5
Published
2025-11-18 18:54
Modified
2025-11-18 20:56
Summary
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Version: 10.16.0000 ≤ 10.16.1000; Version: 10.15.0000 ≤ 10.15.1020; Version: 10.14.0000 ≤ 10.14.1050; Version: 10.13.0000 ≤ 10.13.1090; Version: 10.10.0000 ≤ 10.10.1160 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37160",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:56:16.719220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:56:20.675Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "dugisan3rd"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.\u003c/p\u003e"
}
],
"value": "A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:54:09.908Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Broken Access Control (BAC) in REST API Configuration Service",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37160",
"datePublished": "2025-11-18T18:54:09.908Z",
"dateReserved": "2025-04-16T01:28:25.374Z",
"dateUpdated": "2025-11-18T20:56:20.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37159 (GCVE-0-2025-37159)
Vulnerability from cvelistv5
Published
2025-11-18 18:52
Modified
2025-11-19 04:55
Summary
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Version: 10.16.0000 ≤ 10.16.1000; Version: 10.15.0000 ≤ 10.15.1020; Version: 10.14.0000 ≤ 10.14.1050; Version: 10.13.0000 ≤ 10.13.1090; Version: 10.10.0000 ≤ 10.10.1160 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37159",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-384",
"description": "CWE-384 Session Fixation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:34.559Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "0x50d"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.\u003c/p\u003e"
}
],
"value": "A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:52:46.501Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37159",
"datePublished": "2025-11-18T18:52:46.501Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-19T04:55:34.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37158 (GCVE-0-2025-37158)
Vulnerability from cvelistv5
Published
2025-11-18 18:51
Modified
2025-11-19 04:55
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Version: 10.16.0000 ≤ 10.16.1000; Version: 10.15.0000 ≤ 10.15.1020; Version: 10.14.0000 ≤ 10.14.1050; Version: 10.13.0000 ≤ 10.13.1090; Version: 10.10.0000 ≤ 10.10.1160 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37158",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:35.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisetech Sirius Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:51:28.623Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37158",
"datePublished": "2025-11-18T18:51:28.623Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-19T04:55:35.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37157 (GCVE-0-2025-37157)
Vulnerability from cvelistv5
Published
2025-11-18 18:48
Modified
2025-12-01 15:35
Summary
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networkign AOS-CX | Version: 10.16.0000 ≤ 10.16.1000; Version: 10.15.0000 ≤ 10.15.1020; Version: 10.14.0000 ≤ 10.14.1050; Version: 10.13.0000 ≤ 10.13.1090; Version: 10.10.0000 ≤ 10.10.1160 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37157",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-19T04:55:36.300388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-01T15:35:01.971Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networkign AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zzcentury from Ubisectech Sirius Team"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.\u003c/p\u003e"
}
],
"value": "A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:48:58.009Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "Authenticated Command Injection allows Unauthorized Command Execution in AOS-CX",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37157",
"datePublished": "2025-11-18T18:48:58.009Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-12-01T15:35:01.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37156 (GCVE-0-2025-37156)
Vulnerability from cvelistv5
Published
2025-11-18 18:46
Modified
2025-11-18 20:28
Summary
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Version: 10.16.0000 ≤ 10.16.1000; Version: 10.15.0000 ≤ 10.15.1020; Version: 10.14.0000 ≤ 10.14.1050; Version: 10.13.0000 ≤ 10.13.1090; Version: 10.10.0000 ≤ 10.10.1160 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T20:12:58.972214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T20:28:30.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nicholas Starke"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.\u003c/p\u003e"
}
],
"value": "A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:46:10.640Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "INTERNAL"
},
"title": "ArubaOS-CX Platform-Level Denial-of-Service Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37156",
"datePublished": "2025-11-18T18:46:10.640Z",
"dateReserved": "2025-04-16T01:28:25.370Z",
"dateUpdated": "2025-11-18T20:28:30.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37155 (GCVE-0-2025-37155)
Vulnerability from cvelistv5
Published
2025-11-18 18:40
Modified
2025-11-19 04:55
Summary
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | HPE Aruba Networking AOS-CX | Version: 10.16.0000 ≤ 10.16.1000; Version: 10.15.0000 ≤ 10.15.1020; Version: 10.14.0000 ≤ 10.14.1050; Version: 10.13.0000 ≤ 10.13.1090; Version: 10.10.0000 ≤ 10.10.1160 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-18T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-19T04:55:36.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "HPE Aruba Networking AOS-CX",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"lessThanOrEqual": "10.16.1000",
"status": "affected",
"version": "10.16.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.15.1020",
"status": "affected",
"version": "10.15.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.14.1050",
"status": "affected",
"version": "10.14.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.13.1090",
"status": "affected",
"version": "10.13.0000",
"versionType": "semver"
},
{
"lessThanOrEqual": "10.10.1160",
"status": "affected",
"version": "10.10.0000",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Angelo Catalani"
},
{
"lang": "en",
"type": "reporter",
"value": "Giacomo Gloria"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.\u003c/p\u003e"
}
],
"value": "A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-18T18:40:40.560Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us\u0026docLocale=en_US"
}
],
"source": {
"advisory": "HPESBNW04888",
"discovery": "EXTERNAL"
},
"title": "Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37155",
"datePublished": "2025-11-18T18:40:40.560Z",
"dateReserved": "2025-04-16T01:28:25.369Z",
"dateUpdated": "2025-11-19T04:55:36.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-37149 (GCVE-0-2025-37149)
Vulnerability from cvelistv5
Published
2025-10-14 15:55
Modified
2025-10-28 20:37
Summary
A potential out-of-bounds read vulnerability exists in the UEFI firmware of the HPE ProLiant RL300 Gen11 Server.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | ProLiant RL300 Gen11 Server | Version: 0 ≤ |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-37149",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-14T16:30:21.502497Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-28T20:37:02.318Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ProLiant RL300 Gen11 Server",
"programFiles": [
"1.78"
],
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A potential \n\nout-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server\u0027s UEFI firmware."
}
],
"value": "A potential \n\nout-of-bound reads vulnerability in HPE ProLiant RL300 Gen11 Server\u0027s UEFI firmware."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-14T15:55:23.841Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbhf04952en_us\u0026docLocale=en_US"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2025-37149",
"datePublished": "2025-10-14T15:55:23.841Z",
"dateReserved": "2025-04-16T01:28:25.369Z",
"dateUpdated": "2025-10-28T20:37:02.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-25613 (GCVE-0-2024-25613)
Vulnerability from cvelistv5
Published
2024-03-05 20:17
Modified
2025-12-16 18:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| Hewlett Packard Enterprise (HPE) | ArubaOS Wi-Fi Controllers and Campus/Remote Access Points | Version: ArubaOS 10.5.x.x: 10.5.0.1 and below; Version: ArubaOS 10.4.x.x: 10.4.0.3 and below; Version: ArubaOS 8.11.x.x: 8.11.2.0 and below; Version: ArubaOS 8.10.x.x: 8.10.0.9 and below |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.5.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.5.0.1",
"status": "affected",
"version": "10.5.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.4.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "10.4.0.3",
"status": "affected",
"version": "10.4.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.11.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.11.2.0",
"status": "affected",
"version": "8.11.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.10.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThanOrEqual": "8.10.0.9",
"status": "affected",
"version": "8.10.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:10.3.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "10.4.0.0",
"status": "affected",
"version": "10.3.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.9.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.10.0.0",
"status": "affected",
"version": "8.9.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.8.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.9.0.0",
"status": "affected",
"version": "8.8.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:8.6.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:o:arubanetworks:arubaos:6.5.4.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "arubaos",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "6.5.5.0",
"status": "affected",
"version": "6.5.4.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.7.0.0:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.8.0.0",
"status": "affected",
"version": "8.7.0.0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:arubanetworks:sd-wan:8.6.0.4:*:*:*:*:*:*:*"
],
"defaultStatus": "affected",
"product": "sd-wan",
"vendor": "arubanetworks",
"versions": [
{
"lessThan": "8.7.0.0",
"status": "affected",
"version": "8.6.0.4",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-25613",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-16T16:13:38.968345Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-77",
"description": "CWE-77 Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-16T18:13:17.523Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T23:44:09.825Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "ArubaOS Wi-Fi Controllers and Campus/Remote Access Points",
"vendor": "Hewlett Packard Enterprise (HPE)",
"versions": [
{
"status": "affected",
"version": "ArubaOS 10.5.x.x: 10.5.0.1 and below"
},
{
"status": "affected",
"version": "ArubaOS 10.4.x.x: 10.4.0.3 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.11.x.x: 8.11.2.0 and below"
},
{
"status": "affected",
"version": "ArubaOS 8.10.x.x: 8.10.0.9 and below"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Erik De Jong (bugcrowd.com/erikdejong)"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAuthenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\u003c/p\u003e"
}
],
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-05T20:17:55.396Z",
"orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"shortName": "hpe"
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
"assignerShortName": "hpe",
"cveId": "CVE-2024-25613",
"datePublished": "2024-03-05T20:17:55.396Z",
"dateReserved": "2024-02-08T18:08:46.265Z",
"dateUpdated": "2025-12-16T18:13:17.523Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}