CVE-2025-37147Authentication Bypass by Spoofing in Packard Enterprise Arubaos

CWE-290Authentication Bypass by Spoofing3 documents3 sources
Severity
7.1HIGHNVD
EPSS
0.0%
top 96.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Hewlett Packard Enterprise Arubaos
Timeline
PublishedOct 14

Description

A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:NExploitability: 2.5 | Impact: 4.0

Affected Packages1 packages

CVEListV5hewlett_packard_enterprise/arubaos10.7.0.010.7.1.1+4

🔴Vulnerability Details

2
GHSA
GHSA-w4qr-7hmf-8w6r: A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in plac2025-10-14
CVEList
Secure Boot Bypass allows for Compromise of Hardware Root of Trust2025-10-14
CVE-2025-37147 — Authentication Bypass by Spoofing | cvebase