7.2
CVE-2025-37134
- EPSS 0.07%
- Veröffentlicht 14.10.2025 16:56:05
- Zuletzt bearbeitet 12.11.2025 16:24:16
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
Authenticated Command Injection Vulnerability in the Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 8.10.0.0 < 8.10.0.19
Arubanetworks ≫ Arubaos Version >= 8.12.0.0 < 8.12.0.6
Arubanetworks ≫ Arubaos Version >= 8.13.0.0 < 8.13.1.0
Arubanetworks ≫ Arubaos Version >= 10.4.0.0 < 10.4.1.9
Arubanetworks ≫ Arubaos Version >= 10.7.0.0 < 10.7.2.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.203 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-alert@hpe.com | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.