CVE-2025-37176 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-37176 PUBLISHED CVSS 6.5 MEDIUM

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.

EPSS 0.07% · 21.1th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

0.07%

21.1th percentile

Affected Products

Vendor	Product	Versions
arubanetworks	arubaos	8.6.0.0, 8.11.0.0
Hewlett Packard Enterprise (HPE)	ArubaOS (AOS)	8.12.0.0, 8.10.0.0

Timeline

Jan 13, 2026 CVE Published
Jan 14, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 21, 2026 EPSS Score
Jan 24, 2026 EPSS Score
Jan 26, 2026 EPSS Score
Jan 28, 2026 EPSS Score
Jan 31, 2026 EPSS Score
Feb 2, 2026 EPSS Score
Feb 5, 2026 EPSS Score
Feb 7, 2026 EPSS Score

References

Open in Interactive Console →