Out-of-Bounds Read Vulnerabilities in HPE System Component
CVE-2025-37179

5.3MEDIUM

Key Information:

Vendor

HP (HP)

Status
Arubaos (aos)
Vendor
CVE Published:
13 January 2026

What is CVE-2025-37179?

Multiple out-of-bounds read vulnerabilities have been discovered in a key system component from Hewlett Packard Enterprise, related to the management of certain data buffers. These vulnerabilities stem from inadequate validation of maximum buffer size values, which may lead the affected process to access memory outside its intended boundaries. In specific scenarios, this flaw could cause the process to crash, potentially resulting in a denial-of-service condition for the impacted system.

Affected Version(s)

ArubaOS (AOS) 8.12.0.0 <= 8.13.1.0

ArubaOS (AOS) 8.12.0.0 <= 8.13.1.0

ArubaOS (AOS) 8.10.0.0 <= 8.10.0.20

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

m0omo0d
JSON
.