CVE-2025-27085Path Traversal in Arubaos

CWE-22Path Traversal3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 50.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise HPE Aruba Networking AOS
Timeline
PublishedApr 8

Description

Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos8.10.0.08.10.0.16+3
CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_aos10.7.0.010.7.1.0+3

🔴Vulnerability Details

2
CVEList
Arbitrary File Download Vulnerabilities in Web-Based Management Interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor2025-04-08
GHSA
GHSA-j7wg-vqfq-fh3f: Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor2025-04-08
CVE-2025-27085 — Path Traversal in Arubaos | cvebase