Authenticated Arbitrary File Read allows Data Exposure in CLI Interface

4.9 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Description

A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.

Basic Information

ID CVE-2025-37131

Source hpe

Published Sep 16, 2025 at 22:17

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking EdgeConnect SD-WAN Gateway

Version 9.5.0.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.",
    "published": "2025-09-16T22:17:32.261Z",
    "modified": "2025-09-16T22:17:32.261Z",
    "type": "cve",
    "title": "Authenticated Arbitrary File Read allows Data Exposure in CLI  Interface",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US",
    "id": "CVE-2025-37131",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 4.9,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking EdgeConnect SD-WAN Gateway",
    "version": "9.5.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated Arbitrary File Read allows Data Exposure in CLI Interface_CVE-2025-37131

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply