CVE-2025-37133

Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binaryalong with accounting controls for tracking and logging user activities and resource usage.

Description

An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.

INFO

Published Date :

2025-10-14T16:54:36.030Z

Last Modified :

2026-02-26T17:47:31.319Z

Source :

hpe

AFFECTED PRODUCTS

The following products are affected by CVE-2025-37133 vulnerability.

Vendors	Products
Arubanetworks	Arubaos
Hpe	Arubaos

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-37133.

URL	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact