CVE-2025-37127

Authenticated Replay Attack contains Cryptographic Vulnerability

CVSS 7.2 HIGHEPSS 0.1%CWE-327

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.2EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 sep 2025Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems.

CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H

Productos afectados

Hewlett Packard Enterprise (HPE) · HPE Aruba Networking EdgeConnect SD-WAN Gateway

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US