CVE-2025-37160

MEDIUM

HPE Arubaos-cx < 10.10.1170 - Information Disclosure

Title source: rule

Description

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote attacker with low privileges to view sensitive information. Successful exploitation of this vulnerability could enable the attacker to disclose sensitive data.

References (1)

[Vendor Advisory] https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Scores

CVSS v3 5.3

EPSS 0.0006

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (1)

hpe/arubaos-cx < 10.10.1170

Timeline

Published Nov 18, 2025

Tracked Since Feb 18, 2026