Improper Input Handling in HPE Mobility Conductors
CVE-2025-37173

7.2HIGH

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37173?

An improper input handling vulnerability exists within the web-based management interface of HPE Mobility Conductors operating on AOS-10 and AOS-8. If exploited by an authenticated attacker with valid credentials, this vulnerability could lead to unintended behavior, potentially compromising the integrity and functionality of the affected systems. Organizations using these systems should be aware of this risk and ensure that appropriate security measures are in place.

Affected Version(s)

ArubaOS (AOS) 10.6.0.0 <= 10.7.2.1

ArubaOS (AOS) 10.3.0.0 <= 10.4.1.9

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

moonv

JSON

HP (HP)

What is CVE-2025-37173?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit