Unauthorized Access Risk in HPE Networking Instant On Access Points
CVE-2025-37103

9.8 CRITICAL

Key Information:

Vendor

HP (HP)

CVE Published:
8 July 2025

Badges

📈 Score: 364 | 👾 Exploit Exists | 📰 News Worthy

What is CVE-2025-37103?

CVE-2025-37103 is a significant security vulnerability found in HPE Networking Instant On Access Points, devices designed to provide reliable, high-performance wireless networking solutions for businesses. This vulnerability arises from the presence of hard-coded login credentials within the access points, allowing attackers to circumvent conventional authentication methods. If exploited, this weakness facilitates unauthorized administrative access to the affected systems, jeopardizing the integrity and confidentiality of the network. Organizations using these devices face potential disruption of services, data breaches, and unauthorized control over network configurations, leading to broader security risks.

Potential impact of CVE-2025-37103

  1. Unauthorized Access: The vulnerability enables attackers to gain administrative control over the access points, which could allow them to alter network configurations, intercept data, or manipulate traffic.

  2. Data Breach Risk: With administrative access, an attacker can expose sensitive data transmitted over the network, leading to potential data theft and regulatory compliance issues.

  3. Network Disruption: Exploitation of this vulnerability can result in significant service interruptions, affecting business operations and user access to network resources, which could be leveraged for further attacks or ransom demands.

Affected Version(s)

HPE Networking Instant On 3.2.0.0 <= 3.2.0.1

News Articles

HPE Alerts to Aruba Hardcoded Credential Flaws Allowing Auth Bypass

The vulnerabilities, identified as CVE-2025-37103 and CVE-2025-37102, affect devices running software version 3.2.0.1 and below.

2 weeks ago

A critical flaw found in popular HPE Aruba Wi-Fi devices

HPE has issued a warning regarding hardcoded credentials within Aruba Instant On Access Points, which could enable remote attackers to gain administrative

2 weeks ago

HPE warns of hardcoded passwords in Aruba access points

Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface.

2 weeks ago

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 👾 Exploit known to exist

  • 📰 First article discovered by BleepingComputer

  • Vulnerability published

  • Vulnerability Reserved

Credit

ZZ from Ubisectech Sirius Team.