CVE-2025-37127 HIGH

CVE-2025-37127: Authenticated Replay Attack contains Cryptographic Vulnerability

Vendor Hewlett Packard Enterprise (Hpe)
Product HPE Aruba Networking EdgeConnect SD-WAN Gateway
Published September 16, 2025
Last update September 17, 2025

CVSS base score

7.2/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems.

Key dates

02Disclosure timeline

September 16, 2025 CVE published
September 17, 2025 Record updated