VYPR
Unrated severityNVD Advisory· Published Oct 14, 2025· Updated Feb 26, 2026

Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write

CVE-2025-37132

Description

An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.

Affected products

1
  • Hewlett Packard Enterprise (HPE)/ArubaOS (AOS)v5
    Range: 10.7.0.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.