Description
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.
Scores
CVSS v3
6.5
EPSS
0.0004
EPSS Percentile
13.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-552
Status
published
Products (2)
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN Gateway
9.4.0.0 - 9.4.3.7
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking EdgeConnect SD-WAN Gateway
9.5.0.0 - 9.5.3.6
Published
Sep 16, 2025
Tracked Since
Feb 18, 2026