Broken access control vulnerability in Firewall Configuration Leads to Unauthorized...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly

Basic Information

ID CVE-2025-37125

Source hpe

Published Sep 16, 2025 at 22:32

Modified Sep 16, 2025 at 22:36

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking EdgeConnect SD-WAN Gateway

Version 9.5.0.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0
Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A broken access control vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly",
    "published": "2025-09-16T22:32:04.483Z",
    "modified": "2025-09-16T22:36:16.694Z",
    "type": "cve",
    "title": "Broken access control vulnerability in Firewall Configuration Leads to  Unauthorized Access to Internal Network Resources",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US",
    "id": "CVE-2025-37125",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.5.0.0\nHewlett Packard Enterprise (HPE) HPE Aruba Networking EdgeConnect SD-WAN Gateway 9.4.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking EdgeConnect SD-WAN Gateway",
    "version": "9.5.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Broken access control vulnerability in Firewall Configuration Leads to Unauthorized Access to Internal Network Resources_CVE-2025-37125

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply