CVE-2025-37155

CWE-284 — Improper Access Control3 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 93.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

HPE Arubaos-cx Hewlett Packard Enterprise (hpe) HPE Aruba Networking Aos-cx

Timeline

PublishedNov 18

Description

A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only users. If successfully exploited, this vulnerability could allow an attacker with read-only privileges to gain administrator access on the affected system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5hewlett_packard_enterprise_(hpe)/hpe_aruba_networking_aos-cx10.16.0000 — 10.16.1000+4

▶NVDhpe/arubaos-cx10.10.0000 — 10.10.1170+4

🔴Vulnerability Details

GHSA

GHSA-r2h8-w7jv-3xg9: A vulnerability in the SSH restricted shell interface of the network management services allows improper access control for authenticated read-only us↗2025-11-18

▶

CVEList

Authenticated Privilege Escalation Allows Unauthorized Access in Network Management Interface↗2025-11-18

▶