CVE-2025-37133
Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binaryalong with accounting controls for tracking and logging user activities and resource usage.
Vexday Risk Score
21Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 7.2EPSS 1.3%KEV nãoPoC —Patch —
Ciclo de vida
14 out 2025Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Produtos afetados
Hewlett Packard Enterprise (HPE) · ArubaOS (AOS)Quer saber se a sua infraestrutura está exposta a isto?
Falar com a TrueHacking →