CVE-2025-37177
Unknown
Unknown - Not Provided
Arbitrary File Deletion in AOS CLI Allows Remote File Removal
Publication date: 2026-01-13
Last updated on: 2026-01-13
Assigner: Hewlett Packard Enterprise (HPE)
Description
Description
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| hpe | mobility_conductor | From 8 (inc) to 10 (inc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an arbitrary file deletion issue in the command-line interface of mobility conductors running AOS-10 or AOS-8 operating systems. An authenticated remote attacker could exploit this to delete arbitrary files on the affected system.
How can this vulnerability impact me? :
Exploitation of this vulnerability could allow a remote malicious actor with authentication to delete important files on the system, potentially disrupting system operations and causing data loss or service outages.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70