Secure Boot Bypass allows for Compromise of Hardware Root of...

7.1 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

Description

A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.

Basic Information

ID CVE-2025-37147

Source hpe

Published Oct 14, 2025 at 16:42

Modified Oct 14, 2025 at 19:13

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product ArubaOS (AOS)

Version 10.7.0.0

Affected Versions Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0

CWE Classification

CWE-290

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.",
    "published": "2025-10-14T16:42:57.397Z",
    "modified": "2025-10-14T19:13:51.499Z",
    "type": "cve",
    "title": "Secure Boot Bypass allows for Compromise of Hardware Root of Trust",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04958en_us&docLocale=en_US",
    "id": "CVE-2025-37147",
    "bulletinFamily": "",
    "cwe": [
        "CWE-290"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.1,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "ArubaOS (AOS)",
    "version": "10.7.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Secure Boot Bypass allows for Compromise of Hardware Root of Trust_CVE-2025-37147