Unrated severityNVD Advisory· Published Nov 18, 2025· Updated Feb 26, 2026

Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave) CLI

CVE-2025-37163

Description

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.

Affected products

Aruba/Airwave Platformllm-create
Hewlett Packard Enterprise (HPE)/HPE Aruba Networking Management Software (Airwave)v5
Range: 8.3.0.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.hpe.com/hpesc/public/docDisplaymitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000