CVE-2025-37131 | THREATINT

Description

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-16 | Updated 2025-09-17 | Assigner hpe

MEDIUM: 4.9CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Product status

Default status

affected

9.5.0.0 (semver)

affected

9.4.0.0 (semver)

affected

Credits

NCC Group reporter

References

support.hpe.com/...y?docId=hpesbnw04943en_us&docLocale=en_US

cve.org (CVE-2025-37131)

nvd.nist.gov (CVE-2025-37131)

Download JSON