CVE-2025-37176
published 2026-01-13

Priority: P3 (49)
CVSS 3.1: 7.2 (high)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.24% (65.6th percentile)

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| arubanetworks | arubaos | >= 8.11.0.0 < 8.13.1.1 | 8.13.1.1 |
| arubanetworks | arubaos | >= 8.6.0.0 < 8.10.0.21 | 8.10.0.21 |
| hewlett_packard_enterprise | arubaos | 8.10.0.0 – 8.10.0.20 | |
| hewlett_packard_enterprise | arubaos | 8.12.0.0 – 8.13.1.0 | |