CVE-2025-37166 HIGH

CVE-2025-37166: Unexpected shutdown in HPE Instant On Access Points after processing specific packets

Vendor Hewlett Packard Enterprise (Hpe)
Product Instant On
Published January 13, 2026
Last update May 10, 2026

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
May 10, 2026 Record updated