Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software...

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.

Basic Information

ID CVE-2025-37163

Source hpe

Published Nov 18, 2025 at 19:06

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product HPE Aruba Networking Management Software (Airwave)

Version 8.3.0.0

Affected Versions Hewlett Packard Enterprise (HPE) HPE Aruba Networking Management Software (Airwave) 8.3.0.0

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying  operating system.",
    "published": "2025-11-18T19:06:11.180Z",
    "modified": "2025-11-18T19:06:55.129Z",
    "type": "cve",
    "title": "Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave) CLI",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US",
    "id": "CVE-2025-37163",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) HPE Aruba Networking Management Software (Airwave) 8.3.0.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "HPE Aruba Networking Management Software (Airwave)",
    "version": "8.3.0.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated Command Injection Vulnerability in HPE Aruba Networking Management Software (AirWave) CLI_CVE-2025-37163

Description

Basic Information

Affected Product

References

💭 Join the Security Discussion ❌ Cancel Reply