CVE-2025-37140Improper Access Control in Arubaos

CWE-284Improper Access Control3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.0%
top 89.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise Arubaos
Timeline
PublishedOct 14

Description

Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos8.10.0.08.10.0.19+4
CVEListV5hewlett_packard_enterprise/arubaos10.7.0.010.7.1.1+4

🔴Vulnerability Details

2
GHSA
GHSA-23c7-w4rj-j8hh: Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems2025-10-14
CVEList
Authenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management Interface2025-10-14
CVE-2025-37140 — Improper Access Control in Arubaos | cvebase