CVE-2025-37162 — Command Injection in Arubaos

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

CNA6.5

EPSS

0.1%

top 83.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Hewlett Packard Enterprise HPE Aruba Networking 100 Series Cellular Bridge

Timeline

PublishedNov 18

Description

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDarubanetworks/arubaos< 10.7.2.0

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_100_series_cellular_bridge10.7.0.0 — 10.7.1.1

🔴Vulnerability Details

GHSA

GHSA-rjh3-m3qw-q3cr: A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack↗2025-11-18

▶

CVEList

Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution↗2025-11-18

▶