CVE-2025-37103
Published 2025-07-08

Priority: P2 (score 67) · Severity: critical · CVSS 3.1 base score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.00% (58.5th percentile)
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of them to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hewlett_packard_enterprise | hpe_networking_instant_on | 3.2.0.0 – 3.2.0.1 | — |
Detection & IOCs (extracted from sources)
- Target devices: HPE Networking Aruba Instant On Access Points running firmware version 3.2.0.1 and below are vulnerable to hardcoded-credential authentication bypass via the web interface.
- Attack vector is remote access to the device web management interface using hardcoded administrative credentials embedded in the firmware; monitor for unexpected admin logins to Aruba Instant On web interfaces.
- CVE-2025-37103 can be chained with CVE-2025-37102 (authenticated CLI command injection): monitor for CLI command injection activity following web interface admin login on affected devices.
- Scope clarification: CVE-2025-37103 does NOT affect Instant On Switches; focus detection efforts exclusively on Instant On Access Points.
- Hardcoded credentials are embedded in the firmware itself; the credentials are not publicly disclosed in available sources but are described as trivially discoverable through firmware analysis.
- No workarounds are available from HPE; the only remediation is upgrading to firmware version 3.2.1.0 or newer.
- As of publication, HPE Aruba Networking has confirmed no known in-the-wild exploitation, but the critical CVSS score (9.8) and ease of exploitation make rapid weaponization likely.
No detection rules found.
No public exploits indexed.