- 257/2025
- High
HPE Aruba Networking has released security updates to address several vulnerabilities across multiple Aruba products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform denial-of-service attacks, conduct command injection attacks, hijack user sessions, or execute arbitrary code on the affected system.
Sample of the addressed vulnerabilities:
1. Aruba AOS-CX Network Management Interface Privilege Escalation Vulnerability (CVE-2025-37155):
- CVSS: 7.8
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. Aruba 100 Series Cellular Bridge Unauthenticated Remote Denial-of-Service Vulnerability (CVE-2025-37161):
- CVSS: 7.5
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
The affected products:
- HPE Aruba Networking CX Switch Series running AOS-CX.
- HPE Aruba Networking 100 Series Cellular Bridge.
- HPE Aruba Networking Management Software (AirWave).
Vulnerabilities
- CVE-2025-37155
- CVE-2025-37156
- CVE-2025-37157
- CVE-2025-37160
- CVE-2025-37161
- CVE-2025-37162
- CVE-2025-37158
- CVE-2025-37159
- CVE-2025-37163
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.