CVE-2025-37128 | THREATINT

Description

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-16 | Updated 2025-09-17 | Assigner hpe

MEDIUM: 6.8CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Product status

Default status

affected

9.5.0.0 (semver)

affected

9.4.0.0 (semver)

affected

Credits

NCC Group reporter

References

support.hpe.com/...y?docId=hpesbnw04943en_us&docLocale=en_US

cve.org (CVE-2025-37128)

nvd.nist.gov (CVE-2025-37128)

Download JSON