CVE-2025-37144 — Path Traversal in Arubaos

CWE-22 — Path Traversal3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 80.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Hewlett Packard Enterprise Arubaos

Timeline

PublishedOct 14

Description

Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶NVDarubanetworks/arubaos8.10.0.0 — 8.10.0.19+4

▶CVEListV5hewlett_packard_enterprise/arubaos10.7.0.0 — 10.7.1.1+4

🔴Vulnerability Details

GHSA

GHSA-q5jp-gqxh-2wv5: Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems↗2025-10-14

▶

CVEList

Authenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface↗2025-10-14

▶