CVE-2025-37141
BaseFortify
Publication date: 2025-10-14
Last updated on: 2025-11-12
Assigner: Hewlett Packard Enterprise (HPE)
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| arubanetworks | arubaos | From 8.10.0.0 (inc) to 8.10.0.19 (exc) |
| arubanetworks | arubaos | From 8.12.0.0 (inc) to 8.12.0.6 (exc) |
| arubanetworks | arubaos | From 8.13.0.0 (inc) to 8.13.1.0 (exc) |
| arubanetworks | arubaos | From 10.4.0.0 (inc) to 10.4.1.9 (exc) |
| arubanetworks | arubaos | From 10.7.0.0 (inc) to 10.7.2.1 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file download issue in the CLI binary of the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. It allows an authenticated malicious actor to download arbitrary files by issuing carefully crafted commands.
How can this vulnerability impact me?
An authenticated attacker could download sensitive or critical files from the affected systems, potentially exposing confidential information. However, the vulnerability does not allow modification of data or disruption of system availability.