Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Description

A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.

Basic Information

ID CVE-2025-37162

Source hpe

Published Nov 18, 2025 at 19:23

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking 100 Series Cellular Bridge

Version 10.7.0.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking 100 Series Cellular Bridge 10.7.0.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.",
    "published": "2025-11-18T19:23:20.504Z",
    "modified": "2025-11-18T19:23:20.504Z",
    "type": "cve",
    "title": "Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_US",
    "id": "CVE-2025-37162",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking 100 Series Cellular Bridge 10.7.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking 100 Series Cellular Bridge",
    "version": "10.7.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated Command Injection Vulnerability Leading to Arbitrary Remote Command Execution_CVE-2025-37162

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply