Authenticated Command Injection in HPE AOS-8 Controller's CLI
CVE-2025-37133

7.2HIGH

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 14 October 2025

What is CVE-2025-37133?

An authenticated command injection vulnerability has been identified in the CLI binary of Hewlett Packard Enterprise's AOS-8 Controller/Mobility Conductor. This flaw could be exploited by an authenticated user to execute arbitrary commands with elevated privileges on the device's underlying operating system, potentially compromising the security and integrity of the system. Prompt remediation is advised to safeguard against unauthorized access.

Affected Version(s)

ArubaOS (AOS) 10.7.0.0 <= 10.7.1.1

ArubaOS (AOS) 10.4.0.0 <= 10.4.1.8

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 14, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

zzcentury from Ubisectech Sirius Team

JSON

HP (HP)

What is CVE-2025-37133?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit