vulnerability

Aruba ECOS: CVE-2025-37183: Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:M/C:C/I:C/A:C)	Jan 13, 2026	Jan 15, 2026	Feb 11, 2026

Severity

CVSS

(AV:N/AC:L/Au:M/C:C/I:C/A:C)

Published

Jan 13, 2026

Added

Jan 15, 2026

Modified

Feb 11, 2026

Description

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.

Solution

aruba-ecos-cve-2025-37183

References

CVE-2025-37183
https://attackerkb.com/topics/CVE-2025-37183
URL-https://csaf.arubanetworks.com/2026/hpe_aruba_networking_-_hpesbnw04992.json
CWE-89

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today