Advisories

CERT-In Advisory CIAD-2025-0032

Multiple Vulnerabilities in Aruba Products

Original Issue Date: September 18, 2025

Severity Rating: High

Software Affected

HPE Aruba Networking EdgeConnect SD-WAN Gateways

HPE Aruba Networking EdgeConnect SD-WAN Release Stream 9.5.x.x: 9.5.3.x and below
HPE Aruba Networking EdgeConnect SD-WAN Release Stream 9.4.x.x: 9.4.3.x and below

Overview

Multiple vulnerabilities have been reported in the HPE Aruba Networking EdgeConnect SD-WAN Gateways that could be exploited by an authenticated attacker with administrative credentials to execute arbitrary code on the targeted system.

Target Audience:
All organizations and individuals using HPE Aruba Networking EdgeConnect SD-WAN Gateways.

Impact Assessment:
There are high risks of Access Restriction Bypass, Arbitrary Command Execution, Bypass Security Restrictions, Disclosure of Sensitive Information, Unauthorized Access to Sensitive Information, Unauthorized Read Access to Data, Unauthorized Read Access to Files, Unqualified Configuration Change, Authentication Restriction Bypass, unathorized modification.

Description

The HPE Aruba Networking EdgeConnect SD-WAN Gateways are advanced edge devices designed to deliver secure, high-performance, and intelligent software-defined WAN (SD-WAN) connectivity.

1. Command Injection Vulnerability ( CVE-2025-37123   )

A Vulnerability exists in the command-line interface (CLI) of HPE Aruba Networking EdgeConnect SD-WAN Gateways.
Successfully exploitation of this vulnerability could allow an authenticated remote attacker to execute arbitrary system commands with root privileges on the underlying operating system.

2. Unauthenticated Access Vulnerability ( CVE-2025-37124   )

A Vulnerability exists in HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections.
Successful exploitation of this vulnerability could allow an attacker to route potentially harmful traffic through to the internal network, leading to unauthorized access or disruption of services.

3. Broken Access Control Vulnerability ( CVE-2025-37125   )

A Vulnerability exists in HPE Aruba Networking EdgeConnect OS (ECOS). Successful exploitation of this vulnerability could allow an attacker to bypass firewall protections, potentially leading to unauthorized traffic being handled improperly.

4. Remote Code Execution Vulnerability ( CVE-2025-37126   )

A vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN Gateways' Command Line Interface that allows remote authenticated users to run arbitrary commands on the underlying host.
Successful exploitation of this vulnerability could allow to execute arbitrary commands as root on the underlying operating system.

5. Cryptographic Replay Attack Vulnerability ( CVE-2025-37127   )

A vulnerability exists in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system, potentially leading to unauthorized access and control over the affected systems.

6. Arbitrary Process Termination Vulnerability ( CVE-2025-37128   )

A vulnerability exists in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes.
Successful exploitation of this vulnerability could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.

7. Remote Code Execution Vulnerability ( CVE-2025-37129   )

A vulnerability exists in the command line interface of EdgeConnect SD-WAN could allow an authenticated attacker to exploit built-in script execution capabilities.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system if the feature is enabled without proper security measures.

8. File Enumeration Vulnerability ( CVE-2025-37130   )

A vulnerability exists in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system.
Successful exploitation of this vulnerability could allow an attacker to read sensitive data from the underlying file system.

9. File Exposure Vulnerability ( CVE-2025-37131   )

A vulnerability exists in EdgeConnect SD-WAN ECOS could allow an authenticated remote attacker with admin privileges to access unauthorized system files.
Successful exploitation of this vulnerability could lead to the exposure of sensitive information and its unauthorized exfiltration via a user-facing interface, under certain conditions.

Solution

Apply appropriate software updates as mentioned by Security vendor
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US

CVE Name
CVE-2025-37123
CVE-2025-37124
CVE-2025-37125
CVE-2025-37126
CVE-2025-37127
CVE-2025-37128
CVE-2025-37129
CVE-2025-37130
CVE-2025-37131

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-22902657

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India