CVE-2025-37123

HIGH

HPE Aruba Networking EdgeConnect - Privilege Escalation

Title source: llm

Description

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US

Scores

CVSS v3 8.8

EPSS 0.0043

EPSS Percentile 33.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-269

Status published

Products (2)

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0 - 9.4.3.7

Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0 - 9.5.3.6

Published Sep 16, 2025

Tracked Since Feb 18, 2026