Arubaos
CVE-2025-37177
MEDIUM
Severity by source
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
AnalysisAI
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. [CVSS 6.5 MEDIUM]
Technical ContextAI
Classified as CWE-552 (Files or Directories Accessible to External Parties). Affects the command-line component of Arubaos. An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut
There is a vulnerability in the AP Certificate Management Service which could allow a threat actor to execute an unauthe
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated R
There are vulnerabilities in the Soft AP Daemon Service which could allow a threat actor to execute an unauthenticated R
There is a command injection vulnerability in the underlying deauthentication service that could lead to unauthenticated
There are command injection vulnerabilities in the underlying Soft AP Daemon service that could lead to unauthenticated
There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthent
There is a buffer overflow vulnerability in the underlying SAE (Simultaneous Authentication of Equals) service that coul
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenti
There are buffer overflow vulnerabilities in the underlying Central Communications service that could lead to unauthenti
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code e
There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code e
Same technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today