Command-Line Interface Vulnerability in EdgeConnect SD-WAN by HPE
CVE-2025-37130

6.5MEDIUM

Key Information:

Vendor

HP (HP)

Status
HP Aruba Networking Edgeconnect Sd-wan Gateway
Vendor
CVE Published:
16 September 2025

What is CVE-2025-37130?

A security flaw within the command-line interface of EdgeConnect SD-WAN from Hewlett Packard Enterprise enables an authenticated attacker to access and read arbitrary files located on the system. This exploitation risk permits potential exposure of sensitive data from the underlying file system, emphasizing the need for immediate attention to secure command-line operations and mitigate unauthorized access risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 <= 9.5.3.6

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 <= 9.5.3.6

HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0 <= 9.4.3.7

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

NCC Group
JSON
.