CVE-2025-37175 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-37175 PUBLISHED CVSS 7.199999809265137 HIGH

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.

EPSS 0.07% · 20.1th percentile

Risk Scores

CVSS v3.1

7.199999809265137

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.07%

20.1th percentile

Affected Products

Vendor	Product	Versions
Hewlett Packard Enterprise (HPE)	ArubaOS (AOS)	10.6.0.0, 10.3.0.0, 8.10.0.0
arubanetworks	arubaos	10.3.0.0, 6.5.4.0, 10.5.0.0

Timeline

Jan 13, 2026 CVE Published
Jan 14, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 2, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score

References

Open in Interactive Console →