CVE-2025-37178Out-of-bounds Read in Arubaos

CWE-125Out-of-bounds Read3 documents3 sources
Severity
7.5HIGHNVD
CNA5.3
EPSS
0.1%
top 80.44%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Arubanetworks ArubaosHewlett Packard Enterprise Arubaos
Timeline
PublishedJan 13

Description

Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDarubanetworks/arubaos8.6.0.08.10.0.21+1
CVEListV5hewlett_packard_enterprise/arubaos8.12.0.08.13.1.0+1

🔴Vulnerability Details

2
CVEList
Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System2026-01-13
GHSA
GHSA-2vpx-j6gq-83g2: Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers2026-01-13
CVE-2025-37178 — Out-of-bounds Read in Arubaos | cvebase