CVE-2025-37168 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-37168 PUBLISHED CVSS 8.199999809265137 HIGH

Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.

EPSS 0.08% · 22.5th percentile

Risk Scores

CVSS v3.1

8.199999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

EPSS Score

0.08%

22.5th percentile

Affected Products

Vendor	Product	Versions
arubanetworks	arubaos	6.5.4.0, 8.11.0.0, 10.3.0.0
Hewlett Packard Enterprise (HPE)	ArubaOS (AOS)	8.12.0.0, 8.10.0.0

Timeline

Jan 13, 2026 CVE Published
Jan 14, 2026 EPSS Score
Jan 14, 2026 PoC Published
Jan 14, 2026 PoC Published
Jan 14, 2026 CVE Updated
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score

References

Open in Interactive Console →