Command Injection Vulnerability in HPE Aruba Networking Airwave Platform
CVE-2025-37163

7.2HIGH

Key Information:

Vendor: HP (HP)
Status: HP Aruba Networking Management Software (airwave)
Vendor: CVE Published:; 18 November 2025

What is CVE-2025-37163?

A command injection vulnerability exists in the command line interface of the HPE Aruba Networking Airwave Platform. This allows an authenticated attacker to execute arbitrary operating system commands with elevated privileges on the underlying OS, posing significant security risks. Proper mitigation measures should be implemented to protect the system from potential exploitations.

Affected Version(s)

HPE Aruba Networking Management Software (Airwave) 8.3.0.0 <= 8.3.0.4

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Michael 'Smolli' Smolinski

JSON

HP (HP)

What is CVE-2025-37163?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit