CVE-2025-37169Out-of-bounds Write in Arubaos

CWE-787Out-of-bounds WriteCWE-121Stack-based Buffer Overflow3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 74.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise Arubaos
Timeline
PublishedJan 13

Description

A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDarubanetworks/arubaos10.3.0.010.4.1.10+1
CVEListV5hewlett_packard_enterprise/arubaos10.6.0.010.7.2.1+1

🔴Vulnerability Details

2
GHSA
GHSA-3v94-pmvx-x3wh: A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway2026-01-13
CVEList
Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface2026-01-13
CVE-2025-37169 — Out-of-bounds Write in Arubaos | cvebase