CVE-2025-37124

HIGH

HPE Aruba Networking SD-WAN - Auth Bypass

Title source: llm

Description

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.

References (1)

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US

Scores

CVSS v3 8.6

EPSS 0.0006

EPSS Percentile 18.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

Classification

CWE

CWE-693

Status draft

Timeline

Published Sep 16, 2025

Tracked Since Feb 18, 2026