CVE-2025-37163

HIGH

Aruba Airwave < 8.3.0.5 - Authenticated OS Command Injection via Command Line Interface

Title source: llm

Description

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.

References (1)

Core 1

Core References

Vendor Advisory

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US

Scores

CVSS v3 7.2

EPSS 0.0010

EPSS Percentile 26.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-78 CWE-77

Status published

Products (1)

arubanetworks/airwave < 8.3.0.5

Published Nov 18, 2025

Tracked Since Feb 18, 2026