CVE-2025-37163 — Command Injection in Airwave

CWE-77 — Command Injection CWE-78 — OS Command Injection3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 74.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Airwave Hewlett Packard Enterprise HPE Aruba Networking Management Software

Timeline

PublishedNov 18

Description

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDarubanetworks/airwave< 8.3.0.5

▶CVEListV5hewlett_packard_enterprise/hpe_aruba_networking_management_software8.3.0.0 — 8.3.0.4

🔴Vulnerability Details

CVEList

Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave) CLI↗2025-11-18

▶

GHSA

GHSA-j565-rm3x-jxcx: A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform↗2025-11-18

▶