vulnerability

Aruba AOS-8: CVE-2025-37176: Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:N)	Jan 13, 2026	Jan 14, 2026	Jan 14, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:N)

Published

Jan 13, 2026

Added

Jan 14, 2026

Modified

Jan 14, 2026

Description

A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.

Solution

aruba-aos-8-cve-2025-37176

References

CVE-2025-37176
https://attackerkb.com/topics/CVE-2025-37176
URL-https://csaf.arubanetworks.com/2026/hpe_aruba_networking_-_hpesbnw04987.json
CWE-77

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today