7.1
CVE-2025-37147
- EPSS 0.02%
- Veröffentlicht 14.10.2025 16:42:57
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle security-alert@hpe.com
- CVE-Watchlists
- Unerledigt
Secure Boot Bypass allows for Compromise of Hardware Root of Trust
A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerHewlett Packard Enterprise (HPE)
≫
Produkt
ArubaOS (AOS)
Default Statusaffected
Version <=
10.7.1.1
Version
10.7.0.0
Status
affected
Version <=
10.4.1.8
Version
10.4.0.0
Status
affected
Version <=
8.13.0.1
Version
8.13.0.0
Status
affected
Version <=
8.12.0.5
Version
8.12.0.0
Status
affected
Version <=
8.10.0.18
Version
8.10.0.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.045 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-alert@hpe.com | 7.1 | 2.5 | 4 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
|
CWE-290 Authentication Bypass by Spoofing
This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.