Broken Access Control Vulnerability in HPE Web-Based Management Interface
CVE-2025-37160

5.3MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Aos-cx
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-37160?

A broken access control vulnerability in HPE's web-based management interface allows authenticated remote attackers with low privileges to access sensitive information. This exploitation may lead to unauthorized disclosure of critical data, compromising the security of the system.

Affected Version(s)

HPE Aruba Networking AOS-CX 10.16.0000 <= 10.16.1000

HPE Aruba Networking AOS-CX 10.15.0000 <= 10.15.1020

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

dugisan3rd

JSON

HP (HP)

What is CVE-2025-37160?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit