CVE-2025-37155
BaseFortify
Publication date: 2025-11-18
Last updated on: 2025-12-04
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hpe | arubaos-cx | From 10.10.0000 (inc) to 10.10.1170 (exc) |
| hpe | arubaos-cx | From 10.13.0000 (inc) to 10.13.1101 (exc) |
| hpe | arubaos-cx | From 10.14.0000 (inc) to 10.14.1060 (exc) |
| hpe | arubaos-cx | From 10.15.0000 (inc) to 10.15.1030 (exc) |
| hpe | arubaos-cx | From 10.16.0000 (inc) to 10.16.1001 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the SSH restricted shell interface of the network management services. It allows improper access control for users who are authenticated with read-only privileges. If exploited, an attacker with these limited read-only rights could escalate their access to gain full administrator privileges on the affected system.
How can this vulnerability impact me? :
If exploited, this vulnerability could allow an attacker who only has read-only access to the system to gain administrator-level access. This means the attacker could potentially control, modify, or disrupt the system, leading to severe security risks including data breaches, system manipulation, or denial of service.