Command-Line Interface Vulnerability in EdgeConnect SD-WAN by HPE
CVE-2025-37130

6.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Edgeconnect Sd-wan Gateway
Vendor: CVE Published:; 16 September 2025

What is CVE-2025-37130?

A security flaw within the command-line interface of EdgeConnect SD-WAN from Hewlett Packard Enterprise enables an authenticated attacker to access and read arbitrary files located on the system. This exploitation risk permits potential exposure of sensitive data from the underlying file system, emphasizing the need for immediate attention to secure command-line operations and mitigate unauthorized access risks.

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 <= 9.5.3.6

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0 <= 9.4.3.7

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

NCC Group