Hard-Coded Encryption Keys found in System_CVE-2025-37112

6 / 10

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Description

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Basic Information

ID CVE-2025-37112

Source hpe

Published Jul 31, 2025 at 19:42

Modified Jul 31, 2025 at 20:01

Affected Product

Vendor Hewlett Packard Enterprise

Product HPE Telco Network Function Virtual Orchestrator

Version 7.0.0

Affected Versions Hewlett Packard Enterprise HPE Telco Network Function Virtual Orchestrator 7.0.0

CWE Classification

CWE-798

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.",
    "published": "2025-07-31T19:42:04.081Z",
    "modified": "2025-07-31T20:01:12.230Z",
    "type": "cve",
    "title": "Hard-Coded Encryption Keys found in System",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us",
    "id": "CVE-2025-37112",
    "bulletinFamily": "",
    "cwe": [
        "CWE-798"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise HPE Telco Network Function Virtual Orchestrator 7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Telco Network Function Virtual Orchestrator",
    "version": "7.0.0",
    "vendor": "Hewlett Packard Enterprise",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}