Hewlett Packard Enterprise Arubaos vulnerabilities

CVE-2025-37136 [MEDIUM] CWE-284 CVE-2025-37136: Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

CVE-2025-37140 [MEDIUM] CWE-284 CVE-2025-37140: Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mo Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVE-2025-37142 [MEDIUM] CWE-284 CVE-2025-37142: Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mo Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVE-2025-37144 [MEDIUM] CWE-22 CVE-2025-37144: Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS- Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVE-2025-37145 [MEDIUM] CWE-22 CVE-2025-37145: Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS- Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVE-2025-37148 [MEDIUM] CWE-400 CVE-2025-37148: A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthe A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore functionality.

CVE-2025-37139 [MEDIUM] CWE-400 CVE-2025-37139: A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently del A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware.

CVE-2025-37137 [MEDIUM] CWE-284 CVE-2025-37137: Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

CVE-2025-37143 [MEDIUM] CWE-284 CVE-2025-37143: An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW a An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.

CVE-2017-9000 [CRITICAL] CWE-200 CVE-2017-9000: ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x prior to 6.5.1.9, 6.5.2, 6.5.3 prior to 6.5.3.3, 6.5.4 prior to 6.5.4.2, 8.x prior to 8.1.0.4 FIPS and non-FIPS versions of software are both affected equally is vulnerable to unauthenticated arbitrary file access. An unauthenticated user with network access to an Aruba mobility c

CVE-2017-9003 [HIGH] CWE-119 CVE-2017-9003: Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to Multiple memory corruption flaws are present in ArubaOS which could allow an unauthenticated user to crash ArubaOS processes. With sufficient time and effort, it is possible these vulnerabilities could lead to the ability to execute arbitrary code - remote code execution has not yet been confirmed.