CVE-2025-37125

Description

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

Hewlett Packard Enterprise (HPE) / HPE Aruba Networking EdgeConnect SD-WAN Gateway9.5.0.0 – 9.5.3.6
Hewlett Packard Enterprise (HPE) / HPE Aruba Networking EdgeConnect SD-WAN Gateway9.4.0.0 – 9.4.3.7

References

MISChttps://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US