Configuration Exposure in HPE Instant On Access Points
CVE-2025-37165

7.5HIGH

Key Information:

Vendor: HP (HP)
Status: Instant On
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37165?

A vulnerability exists in the router mode configuration of HPE Instant On Access Points that unintentionally exposes sensitive network configuration details. Malicious actors can exploit this flaw by inspecting affected packets, leading to the potential disclosure of internal network settings, which could compromise network security and integrity.

Affected Version(s)

Instant On 3.0.0.0 <= 3.3.1.0

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Daniel J. Blueman

JSON

HP (HP)

What is CVE-2025-37165?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit