- 149/2025
- Critical
Aruba has released security updates to fix several vulnerabilities across multiple HPE Aruba products.
The addressed vulnerabilities could allow the attacker to gain elevated privileges, perform server-side request forgery attacks, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. HPE Networking Instant on Access Points Hardcoded Credential Exposure Vulnerability (CVE-2025-37103):
- CVSS: 9.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. HPE OneView Elevation of Privilege Vulnerability (CVE-2025-37101):
- CVSS: 8.7
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: Required
- Consequences: Gain Privileges
Sample of The Affected Products:
- HPE Networking Instant.
- HPE Telco Service Orchestrator Software.
- HPE OneView.
Vulnerabilities
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.