Arbitrary File Deletion Vulnerability in HPE Mobility Conductor Products
CVE-2025-37177

6.5MEDIUM

Key Information:

Vendor: HP (HP)
Status: Arubaos (aos)
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37177?

An arbitrary file deletion vulnerability has been detected within the command-line interface of HPE Mobility Conductor products running on AOS-10 and AOS-8 operating systems. This vulnerability allows an authenticated remote attacker to delete files indiscriminately within the system, potentially compromising the integrity and availability of critical data. Users of affected software versions should take immediate measures to mitigate the risk associated with this security flaw.

Affected Version(s)

ArubaOS (AOS) 10.6.0.0 <= 10.7.2.1

ArubaOS (AOS) 10.3.0.0 <= 10.4.1.9

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

LIUPENG

JSON

HP (HP)

What is CVE-2025-37177?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit