CVE-2025-37177 MEDIUM

CVE-2025-37177: Authenticated Arbitrary File Deletion Vulnerability in AOS-10 or AOS-8 Command Line Interface (CLI)

Vendor Hewlett Packard Enterprise (Hpe)
Product ArubaOS (AOS)
Published January 13, 2026
Last update January 13, 2026

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

Key dates

02Disclosure timeline

January 13, 2026 CVE published
January 13, 2026 Record updated