Access Control Vulnerability in HPE Network Management Services
CVE-2025-37155

7.8HIGH

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Aos-cx
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-37155?

A critical access control vulnerability in the SSH restricted shell interface of HPE Network Management Services could enable authenticated read-only users to escalate their privileges, granting them unauthorized administrative access. This security issue poses a significant risk as it compromises the integrity and confidentiality of the system, allowing potential malicious activities if exploited.

Affected Version(s)

HPE Aruba Networking AOS-CX 10.16.0000 <= 10.16.1000

HPE Aruba Networking AOS-CX 10.15.0000 <= 10.15.1020

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Angelo Catalani

Giacomo Gloria

JSON

HP (HP)

What is CVE-2025-37155?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit