Airwave
CVE-2025-37163
HIGH
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.
AnalysisAI
A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system. Affected products include: Arubanetworks Airwave.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Plat
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Plat
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. R
Same weakness CWE-77 – Command Injection
View allSame technique Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today