{“lastseen”:””,”description”:”An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller\/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.”,”published”:”2025-10-14T17:00:24.490Z”,”modified”:”2025-10-14T18:19:14.303Z”,”type”:”cve”,”title”:”Authenticated Arbitrary File Download Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller\/Mobility Conductor Web Interface (Physical Access Required)”,”source”:”hpe”,”references”:”https:\/\/support.hpe.com\/hpesc\/public\/docDisplay?docId=hpesbnw04957en_us\\u0026docLocale=en_US”,”id”:”CVE-2025-37143″,”bulletinFamily”:””,”cwe”:[“CWE-284″],”cvelist”:null,”sourceData”:”Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0″,”sourceHref”:””,”cvss”:{“score”:4.9,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:N\/A:N”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”ArubaOS (AOS)”,”version”:”10.7.0.0″,”vendor”:”Hewlett Packard Enterprise (HPE)”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller\/Mobility Conductor operating systems. Successful exploitation could allow an…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,65,12,21,13,7,11,5],"class_list":["post-21566","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-49","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n