Command Injection Vulnerability in AOS-8 by HPE
CVE-2025-37176

6.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37176?

AOS-8 contains a command injection vulnerability that can be exploited by an authenticated privileged user. By modifying a package header, an attacker can inject arbitrary shell commands, affecting internal operations. This flaw allows a malicious actor with proper access to execute commands with elevated privileges, potentially compromising the system's integrity.

Affected Version(s)

ArubaOS (AOS) 8.12.0.0 <= 8.13.1.0

ArubaOS (AOS) 8.10.0.0 <= 8.10.0.20

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

Erik de Jong

JSON

HP (HP)

What is CVE-2025-37176?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit