Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface

7.2 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Description

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.

Basic Information

ID CVE-2025-37182

Source hpe

Published Jan 14, 2026 at 16:17

Modified Jan 14, 2026 at 16:40

Affected Product

Vendor Hewlett Packard Enterprise (HPE)

Product EdgeConnect SD-WAN Orchestrator

Version 9.5.0

Affected Versions Hewlett Packard Enterprise (HPE) EdgeConnect SD-WAN Orchestrator 9.5.0
Hewlett Packard Enterprise (HPE) EdgeConnect SD-WAN Orchestrator 9.4.0

CWE Classification

CWE-89

References

support.hpe.com /hpesc/public/docDisplay

{
    "lastseen": "",
    "description": "Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful  exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.",
    "published": "2026-01-14T16:17:12.170Z",
    "modified": "2026-01-14T16:40:21.747Z",
    "type": "cve",
    "title": "Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface",
    "source": "hpe",
    "references": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04992en_us&docLocale=en_US",
    "id": "CVE-2025-37182",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Hewlett Packard Enterprise (HPE) EdgeConnect SD-WAN Orchestrator 9.5.0\nHewlett Packard Enterprise (HPE) EdgeConnect SD-WAN Orchestrator 9.4.0",
    "sourceHref": "",
    "cvss": {
        "score": 7.2,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "EdgeConnect SD-WAN Orchestrator",
    "version": "9.5.0",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Authenticated SQL Injection in EdgeConnect SD-WAN Orchestrator Web-Based Management Interface_CVE-2025-37182