CVE-2025-37172OS Command Injection in Arubaos

CWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
0.1%
top 74.36%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise Arubaos
Timeline
PublishedJan 13

Description

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.10.0.21+1
CVEListV5hewlett_packard_enterprise/arubaos8.12.0.08.13.1.0+1

🔴Vulnerability Details

2
CVEList
Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface2026-01-13
GHSA
GHSA-6675-gp8j-8wjf: Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system2026-01-13
CVE-2025-37172 — OS Command Injection in Arubaos | cvebase