- 207/2025
- High
Aruba has released security updates to fix several vulnerabilities across multiple HPE Aruba products.
The addressed vulnerabilities could allow the attacker to perform cross-site scripting attacks, bypass security restrictions, conduct denial of service attacks, obtain sensitive information, or execute arbitrary code and gain access to the affected product.
Sample of the addressed vulnerabilities:
1. HPE Networking EdgeConnect SD-WAN Gateways Authenticated Command Injection Vulnerability (CVE-2025-37123):
- CVSS: 8.8
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Consequences: Gain Privileges
2. HPE Networking EdgeConnect SD-WAN Gateways Unauthenticated Access Vulnerability (CVE-2025-37124):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
Sample of the affected products:
- HPE Aruba Networking EdgeConnect SD-WAN Gateways.
- HPE Aruba Networking ClearPass.
- HPE Telco Service Activator.
Vulnerabilities
- CVE-2025-37123
- CVE-2025-37124
- CVE-2025-37128
- CVE-2025-37129
- CVE-2025-37122
- CVE-2025-37108
- CVE-2025-37125
- CVE-2025-37126
- CVE-2025-37127
- CVE-2025-37130
- CVE-2025-37131
- CVE-2025-37109
- CVE-2020-36843
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.