CVE-2025-37139 MEDIUM

CVE-2025-37139: Vulnerability in AOS firmware allows for Authenticated Local malicious actor to Permanently Disable Boot

Vendor Hewlett Packard Enterprise (Hpe)
Product ArubaOS (AOS)
Published October 14, 2025
Last update October 14, 2025

CVSS base score

6.0/10
Attack vector Local
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware.

Key dates

02Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated