CVE-2025-37133Command Injection in Arubaos

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 82.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise Arubaos
Timeline
PublishedOct 14

Description

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDarubanetworks/arubaos8.10.0.08.10.0.19+4
CVEListV5hewlett_packard_enterprise/arubaos10.7.0.010.7.1.1+4

🔴Vulnerability Details

2
GHSA
GHSA-92j2-m5rq-6p7m: An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system2025-10-14
CVEList
Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binaryalong with accounting controls for tracking and logging user activ2025-10-14
CVE-2025-37133 — Command Injection in Arubaos | cvebase