Privilege Escalation Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateways
CVE-2025-37123

8.8HIGH

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Edgeconnect Sd-wan Gateway
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-37123?

A flaw in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways allows authenticated remote attackers to escalate privileges. By exploiting this vulnerability, attackers can execute arbitrary commands with root access on the system, posing a significant risk to the security and integrity of the affected network environment.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 <= 9.5.3.6

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0 <= 9.4.3.7

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Nicholas Migliore

HP (HP)

What is CVE-2025-37123?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit