API Vulnerability in HPE Aruba Networking Private 5G Core Exposes Sensitive Information
CVE-2025-37100

7.7HIGH

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Private 5g Core
Vendor: CVE Published:; 10 June 2025

What is CVE-2025-37100?

A flaw in the APIs of HPE Aruba Networking Private 5G Core could lead to potential unauthorized access to sensitive data. An attacker may exploit this vulnerability to navigate through the filesystem iteratively, eventually downloading protected system files that contain confidential information. This poses a risk to the integrity and confidentiality of the data being managed by the system.

Affected Version(s)

HPE Aruba Networking Private 5G Core 1.24.1.0 <= 1.25.1.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 10, 2025
Vulnerability Reserved
Apr 16, 2025

HP (HP)

What is CVE-2025-37100?

Affected Version(s)

References

CVSS V3.1

Timeline