Local Privilege Escalation Vulnerability in HPE Aruba Networking VIA Client
CVE-2025-37186

7.8HIGH

Key Information:

Vendor: HP (HP)
Status: Virtual Intranet Access (via)
Vendor: CVE Published:; 13 January 2026

What is CVE-2025-37186?

A local privilege escalation vulnerability has been identified in the HPE Aruba Networking Virtual Intranet Access (VIA) client. This vulnerability allows an attacker with local access to exploit the fault and gain arbitrary code execution with root privileges, potentially compromising the security of the affected systems. It is crucial for users of the VIA client to implement recommended security practices and update their applications to safeguard against potential exploitation.

Affected Version(s)

Virtual Intranet Access (VIA) 4.0.0 <= 4.7.5

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpe...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2026
Vulnerability Reserved
Apr 16, 2025

Credit

John Carroll

CVE-2025-37186 Data

JSON

HP (HP)

What is CVE-2025-37186?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit