Authenticated Command Injection Vulnerability in HPE Mobility Conductors
CVE-2025-37170

7.2HIGH

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37170?

An authenticated command injection vulnerability exists in the web-based management interface of HPE Mobility Conductors running the AOS-8 operating system. This flaw can be exploited by an authenticated malicious actor, allowing them to execute arbitrary commands with the privileges of a privileged user on the underlying operating system, potentially compromising system integrity and security.

Affected Version(s)

ArubaOS (AOS) 8.12.0.0 <= 8.13.1.0

ArubaOS (AOS) 8.10.0.0 <= 8.10.0.20

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

zzcentury from Ubisectech Sirius Team

JSON

HP (HP)

What is CVE-2025-37170?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit