Multiple Vulnerabilities in AOS-10 GW and AOS-8 Controller by HPE
CVE-2025-27085
4.9MEDIUM
What is CVE-2025-27085?
Multiple vulnerabilities have been identified within the web-based management interface of HPE's AOS-10 GW and AOS-8 Controller/Mobility Conductor. Exploitation of these vulnerabilities can permit an authenticated, remote attacker to access and download arbitrary files from the device's filesystem, potentially compromising sensitive information. It is crucial for users of these products to remain vigilant and apply necessary updates to safeguard their networks.
Affected Version(s)
HPE Aruba Networking AOS 10.7.0.0 <= 10.7.1.0
HPE Aruba Networking AOS 10.4.0.0 <= 10.4.1.6
HPE Aruba Networking AOS 8.12.0.0 <= 8.12.0.3