VDB

CVE-2025-37175

CVE-2025-37175 PUBLISHED CVSS 7.199999809265137 HIGH

Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.

EPSS 0.08% · 24.6th percentile

Risk Scores

CVSS 3.1
7.199999809265137
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.08%
24.6th percentile

Affected Products

VendorProductVersions
Hewlett Packard Enterprise (HPE)ArubaOS (AOS)10.6.0.0, 10.3.0.0, 8.10.0.0
arubanetworksarubaos10.3.0.0, 6.5.4.0, 10.5.0.0

Timeline

  • Jan 13, 2026 CVE Published
  • Jan 14, 2026 EPSS Score
  • Jan 17, 2026 EPSS Score
  • Jan 20, 2026 EPSS Score
  • Jan 23, 2026 EPSS Score
  • Jan 26, 2026 EPSS Score
  • Jan 29, 2026 EPSS Score
  • Feb 1, 2026 EPSS Score
  • Feb 4, 2026 EPSS Score
  • Feb 7, 2026 EPSS Score
  • Feb 10, 2026 EPSS Score
  • Feb 13, 2026 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›