CVE-2025-37137 MEDIUM

CVE-2025-37137: Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI)

Vendor Hewlett Packard Enterprise (Hpe)
Product ArubaOS (AOS)
Published October 14, 2025
Last update October 14, 2025

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated