CVE-2025-37146Command Injection in Packard Enterprise Arubaos

CWE-77Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.2%
top 62.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Hewlett Packard Enterprise Arubaos
Timeline
PublishedOct 14

Description

A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

CVEListV5hewlett_packard_enterprise/arubaos10.7.0.010.7.1.1+4

🔴Vulnerability Details

2
GHSA
GHSA-hxr3-cvgg-vp76: A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to p2025-10-14
CVEList
Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution2025-10-14
CVE-2025-37146 — Command Injection | cvebase