Remote Shell Access Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateways
CVE-2025-37127

7.2HIGH

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Edgeconnect Sd-wan Gateway
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-37127?

A vulnerability exists in the cryptographic logic of HPE Aruba Networking EdgeConnect SD-WAN Gateways that allows an authenticated remote attacker to gain shell access to the system. If successfully exploited, this vulnerability permits the attacker to execute arbitrary commands on the underlying operating system, which can lead to unauthorized access and control over critical network infrastructure.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 <= 9.5.3.6

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0 <= 9.4.3.7

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

NCC Group

HP (HP)

What is CVE-2025-37127?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit