Arubaos Cx
CVE-2025-37158
MEDIUM
Severity by source
AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
2DescriptionCVE.org
A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system.
AnalysisAI
A command injection vulnerability exists in the AOS-CX Operating System. Rated medium severity (CVSS 6.7), this vulnerability is no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified as OS Command Injection (CWE-78), which allows attackers to execute arbitrary operating system commands on the host. A command injection vulnerability exists in the AOS-CX Operating System. Successful exploitation could allow an authenticated remote attacker to conduct a Remote Code Execution (RCE) on the affected system. Affected products include: Hpe Arubaos-Cx.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Avoid passing user input to shell commands. Use language-specific APIs instead of shell execution. Apply strict input validation with allowlists.
More in Arubaos Cx
View allAn authenticated command injection vulnerability exists in the AOS-CX command line interface. Rated high severity (CVSS
An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Rated high severity
A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote at
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticate
A command injection vulnerability exists in the AOS-CX Operating System. Rated medium severity (CVSS 6.7), this vulnerab
A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Rated medium severity (CVSS 6.8),
A vulnerability in the SSH restricted shell interface of the network management services allows improper access control
Same weakness CWE-78 – OS Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today