CVE-2025-37127 | THREATINT

Description

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-16 | Updated 2025-09-17 | Assigner hpe

HIGH: 7.2CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Product status

Default status

affected

9.5.0.0 (semver)

affected

9.4.0.0 (semver)

affected

Credits

NCC Group reporter

References

support.hpe.com/...y?docId=hpesbnw04943en_us&docLocale=en_US

cve.org (CVE-2025-37127)

nvd.nist.gov (CVE-2025-37127)

Download JSON