CVE-2025-37143Improper Access Control in Arubaos

CWE-284Improper Access Control3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.0%
top 89.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise Arubaos
Timeline
PublishedOct 14

Description

An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos8.10.0.08.10.0.19+4
CVEListV5hewlett_packard_enterprise/arubaos10.7.0.010.7.1.1+4

🔴Vulnerability Details

2
GHSA
GHSA-vmqw-c6vq-83fp: An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating s2025-10-14
CVEList
Authenticated Arbitrary File Download Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web Interface (Physical Access Required)2025-10-14
CVE-2025-37143 — Improper Access Control in Arubaos | cvebase