vulnerability

Aruba ECOS: CVE-2025-37124: Unauthenticated Access Vulnerability allows Transit Traffic Misrouting in SD-WAN Edge Interface

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:N/C:P/I:P/A:C)	Sep 16, 2025	Sep 17, 2025	Sep 19, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:C)

Published

Sep 16, 2025

Added

Sep 17, 2025

Modified

Sep 19, 2025

Description

A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services.

Solution

aruba-ecos-cve-2025-37124

References

CVE-2025-37124
https://attackerkb.com/topics/CVE-2025-37124
URL-https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04943.json
CWE-693

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today