Arbitrary File Deletion in Mobility Conductors by HPE AOS-8 Operating System
CVE-2025-37168

8.2HIGH

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37168?

A vulnerability exists in the AOS-8 operating system used by mobility conductors, allowing unauthenticated remote attackers to delete arbitrary files from affected systems. This exploitation could lead to service disruption and potential denial-of-service conditions, compromising the integrity and availability of the devices.

Affected Version(s)

ArubaOS (AOS) 8.12.0.0 <= 8.13.1.0

ArubaOS (AOS) 8.10.0.0 <= 8.10.0.20

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

n3k

CVE-2025-37168 Data

JSON

HP (HP)

What is CVE-2025-37168?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit