6.2
CVE-2025-37138
- EPSS 0.03%
- Veröffentlicht 14.10.2025 16:57:50
- Zuletzt bearbeitet 12.11.2025 21:05:32
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
Authenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface (Physical Access Required)
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Arubanetworks ≫ Arubaos Version >= 8.10.0.0 < 8.10.0.19
Arubanetworks ≫ Arubaos Version >= 8.12.0.0 < 8.12.0.6
Arubanetworks ≫ Arubaos Version >= 8.13.0.0 < 8.13.1.0
Arubanetworks ≫ Arubaos Version >= 10.4.0.0 < 10.4.1.9
Arubanetworks ≫ Arubaos Version >= 10.7.0.0 < 10.7.2.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.03% | 0.074 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-alert@hpe.com | 6.2 | 0.3 | 5.9 |
CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
CWE-77 Improper Neutralization of Special Elements used in a Command ('Command Injection')
The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.