Home

Description

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.

PUBLISHED Reserved 2025-04-16 | Published 2026-01-13 | Updated 2026-01-14 | Assigner hpe




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Product status

Default status
affected

8.12.0.0 (semver)
affected

8.10.0.0 (semver)
affected

Credits

Erik de Jong reporter

References

support.hpe.com/...y?docId=hpesbnw04987en_us&docLocale=en_US

cve.org (CVE-2025-37176)

nvd.nist.gov (CVE-2025-37176)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.