CVE-2025-37112 MEDIUM

CVE-2025-37112: Hard-Coded Encryption Keys found in System

Vendor Hewlett Packard Enterprise
Product HPE Telco Network Function Virtual Orchestrator
Weakness CWE-798 · Hardcoded credentials
Published July 31, 2025
Last update July 31, 2025

CVSS base score

6.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Key dates

02Disclosure timeline

July 31, 2025 CVE published
July 31, 2025 Record updated