Arubaos Cx
CVE-2025-37157
MEDIUM
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
AnalysisAI
A command injection vulnerability exists in the AOS-CX Operating System. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Code Injection (CWE-94), which allows attackers to inject and execute arbitrary code within the application. A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. Affected products include: Hpe Arubaos-Cx.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Never evaluate user-controlled input as code. Use sandboxing, disable dangerous functions, apply strict input validation.
More in Arubaos Cx
View allAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Rated high severity (CVSS
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Rated high severity
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote at
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticate
A command injection vulnerability exists in the AOS-CX Operating System. Rated medium severity (CVSS 6.7), this vulnerab
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Rated medium severity (CVSS 6.8),
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control
Same weakness CWE-94 – Code Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today