CVE-2025-37104 HIGH

CVE-2025-37104: HPE Telco Service Orchestrator Software, Authenticated SQL Injection

Vendor Hewlett Packard Enterprise (HPE)
Product HPE Telco Service Orchestrator
Published July 16, 2025
Last update July 18, 2025

CVSS base score

7.1/10
Attack vector Adjacent
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L

What the vulnerability does

01 Description

A security vulnerability has been identified in HPE Telco Service Orchestrator software. The vulnerability could allow authenticated clients to perform a SQL Injection attack when sending a service request, and potentially exfiltrate the database's vendor name to unauthorized authenticated clients.

Key dates

02 Disclosure timeline

July 16, 2025 CVE published
July 18, 2025 Record updated