Remote Process Termination Vulnerability in HPE Aruba Networking EdgeConnect SD-WAN Gateways
CVE-2025-37128

6.8MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Edgeconnect Sd-wan Gateway
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-37128?

A significant security flaw exists in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways, which could allow an authenticated remote attacker to terminate any running process. This exploitation could lead to significant disruption in system operations, potentially causing the system to enter an unstable state that may affect network performance and reliability. Organizations using affected versions should prioritize patching to safeguard their environments.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 <= 9.5.3.6

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0 <= 9.4.3.7

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

NCC Group

HP (HP)

What is CVE-2025-37128?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit