{“lastseen”:””,”description”:”An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers\/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system.”,”published”:”2025-10-14T16:57:50.910Z”,”modified”:”2025-10-14T19:24:40.242Z”,”type”:”cve”,”title”:”Authenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller\/Mobility Conductor Web-Based Management Interface (Physical Access Required)”,”source”:”hpe”,”references”:”https:\/\/support.hpe.com\/hpesc\/public\/docDisplay?docId=hpesbnw04957en_us\\u0026docLocale=en_US”,”id”:”CVE-2025-37138″,”bulletinFamily”:””,”cwe”:[“CWE-77″],”cvelist”:null,”sourceData”:”Hewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.7.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 10.4.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.13.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.12.0.0\\nHewlett Packard Enterprise (HPE) ArubaOS (AOS) 8.10.0.0″,”sourceHref”:””,”cvss”:{“score”:6.2,”severity”:”MEDIUM”,”vector”:”CVSS:3.1\/AV:P\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H”,”version”:”3.1″},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:””,”category_name”:”CVE”,”post_link”:””,”product”:”ArubaOS (AOS)”,”version”:”10.7.0.0″,”vendor”:”Hewlett Packard Enterprise (HPE)”,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:””,”description”:”An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers\/Mobility Conductor operating system. Exploitation of this vulnerability…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[6,8,102,12,21,13,7,11,5],"class_list":["post-21725","post","type-post","status-publish","format-standard","hentry","category-category_cve","tag-cve","tag-cvss","tag-cvss-62","tag-exploit","tag-medium","tag-news","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n