9.1

CVE-2025-37168

Medienbericht

Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ArubanetworksArubaos Version >= 6.5.4.0 < 8.10.0.21
ArubanetworksArubaos Version >= 8.11.0.0 < 8.13.1.1
ArubanetworksArubaos Version >= 10.3.0.0 < 10.4.1.10
ArubanetworksArubaos Version >= 10.5.0.0 < 10.7.2.2
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.298
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
security-alert@hpe.com 8.2 3.9 4.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
CWE-552 Files or Directories Accessible to External Parties

The product makes files or directories accessible to unauthorized actors, even though they should not be.

Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
VulnDex Intel
Media Report
15.01.2026 11:25
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US
Vendor Advisory