Unrestricted Binary allows File Enumeration in Underlying Operating System

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.

Basic Information

ID CVE-2025-37130

Source hpe

Published Sep 16, 2025 at 22:20

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking EdgeConnect SD-WAN Gateway

Version 9.5.0.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.",
    "published": "2025-09-16T22:20:53.184Z",
    "modified": "2025-09-16T22:20:53.184Z",
    "type": "cve",
    "title": "Unrestricted Binary allows File Enumeration in Underlying Operating  System",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US",
    "id": "CVE-2025-37130",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking EdgeConnect SD-WAN Gateway",
    "version": "9.5.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Unrestricted Binary allows File Enumeration in Underlying Operating System_CVE-2025-37130

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply