CVE-2025-37174 — Insecure Inherited Permissions in Arubaos

CWE-277 — Insecure Inherited Permissions3 documents3 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 81.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arubanetworks Arubaos Hewlett Packard Enterprise Arubaos

Timeline

PublishedJan 13

Description

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDarubanetworks/arubaos6.5.4.0 — 8.10.0.21+3

▶CVEListV5hewlett_packard_enterprise/arubaos10.6.0.0 — 10.7.2.1+3

🔴Vulnerability Details

GHSA

GHSA-h534-5rp5-qc2h: Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 op↗2026-01-13

▶

CVEList

Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface↗2026-01-13

▶