CVE-2025-37168 HIGH

CVE-2025-37168: Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System

Vendor Hewlett Packard Enterprise (Hpe)
Product ArubaOS (AOS)
Published January 13, 2026
Last update January 14, 2026

CVSS base score

8.2/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
January 14, 2026 Record updated