Remote Code Execution Risk in AOS-CX Operating System by HPE
CVE-2025-37157

6.7MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networkign Aos-cx
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-37157?

A command injection vulnerability has been identified in the AOS-CX Operating System. This issue enables authenticated remote attackers to execute arbitrary code on the system, posing a significant risk of unauthorized actions and system compromise. Effective mitigation measures are essential to protect against potential exploitation of this vulnerability.

Affected Version(s)

HPE Aruba Networkign AOS-CX 10.16.0000 <= 10.16.1000

HPE Aruba Networkign AOS-CX 10.15.0000 <= 10.15.1020

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

zzcentury from Ubisectech Sirius Team

JSON

HP (HP)

What is CVE-2025-37157?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit