CVE-2025-37147 HIGH

CVE-2025-37147: Secure Boot Bypass allows for Compromise of Hardware Root of Trust

Vendor Hewlett Packard Enterprise (HPE)
Product ArubaOS (AOS)
Published October 14, 2025
Last update October 14, 2025

CVSS base score

7.1/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

What the vulnerability does

01 Description

A Secure Boot bypass vulnerability exists in affected Access Points. It allows an adversary to bypass the hardware root of trust verification that is in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.

Key dates

02 Disclosure timeline

October 14, 2025 CVE published
October 14, 2025 Record updated