Command Injection Vulnerability in HPE Devices
CVE-2025-37162

6.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking 100 Series Cellular Bridge
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-37162?

A command injection vulnerability has been identified in the command line interface of specific HPE devices. This flaw allows authenticated remote attackers to execute arbitrary commands on the underlying operating system. By exploiting this vulnerability, attackers could perform unauthorized operations on affected devices, potentially compromising the system's integrity and data security. It is crucial for users to be aware of this issue and apply appropriate mitigations as soon as possible.

Affected Version(s)

HPE Aruba Networking 100 Series Cellular Bridge 10.7.0.0 <= 10.7.1.1

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Nicholas Starke

JSON

HP (HP)

What is CVE-2025-37162?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit