The vulnerabilities, identified as CVE-2025-37103 and CVE-2025-37102, affect devices running software version 3.2.0.1 and below, prompting immediate patching recommendations from the company.
The most severe vulnerability, CVE-2025-37103,
This vulnerability stems from hardcoded login credentials embedded within the HPE Networking Instant On Access Points’ web interface, allowing attackers with knowledge of these credentials to completely bypass normal device authentication mechanisms.
The CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H indicates that exploitation requires no privileges, no user interaction, and can be conducted remotely with low attack complexity.
Security researchers warn that successful exploitation grants attackers full administrative access to affected systems, potentially compromising network infrastructure and sensitive data.
The vulnerability was discovered and reported by ZZ from Ubisectech Sirius Team through HPE Aruba Networking’s Bug Bounty program, with internal reference codes ATLWL-566 and ATLWL-562.
Currently, no workarounds exist for this vulnerability, making immediate patching critical for affected organizations.
The second vulnerability, CVE-2025-37102, presents a high-severity authenticated command injection flaw with a CVSS v3.1 base score of 7.2.
This vulnerability exists within the command line interface of HPE Networking Instant On Access Points and requires elevated privileges for exploitation.
The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H shows that, although high privileges are required, successful exploitation allows a remote attacker to execute arbitrary commands on the underlying operating system as a highly privileged user.
This command injection vulnerability, referenced internally as ATLWL-561, was also discovered by the same Ubisectech Sirius Team researcher.
The flaw could enable attackers who have already gained administrative access to execute system-level commands, potentially leading to complete system compromise, data exfiltration, or lateral movement within network environments.
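The vulnerability class described above is user-controlled text reaching an operating-system shell. The following added example is not HPE's code and says nothing about the actual flaw's location; it is a constructed, hypothetical "ping &lt;host&gt;" CLI handler that contrasts the vulnerable pattern (splicing an argument into a command line destined for `sh -c`) with the hardened pattern (allow-list validation plus an argv list, so no shell is involved even for an administrator's input). The command strings are returned rather than executed so the example runs offline.

```python
import re

# Constructed, illustrative handler for a hypothetical "ping <host>" CLI
# command. Not HPE's code; it only demonstrates the command-injection class
# the advisory names and one standard mitigation.

# Allow-list: RFC 1123 hostnames or dotted-quad IPv4 addresses only.
_HOST_RE = re.compile(
    r"^(?:"
    r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"|(?:\d{1,3}\.){3}\d{1,3}"
    r")$"
)

# Shell tokens that would turn a single intended command into several.
_SHELL_SEPARATORS = (";", "&&", "||", "|", "`", "$(", "\n")


def build_ping_command_vulnerable(host: str) -> str:
    """Vulnerable pattern: the argument is spliced into a command line that
    would be handed to `sh -c`. Any shell metacharacter in `host` is
    interpreted by the shell, so the caller controls what else runs.
    The string is returned (not executed) so the example is safe to run."""
    return f"ping -c 1 {host}"


def shell_would_run_extra_commands(cmdline: str) -> bool:
    """Unit-test helper: True if a POSIX shell would see more than the one
    intended command in `cmdline`."""
    return any(tok in cmdline for tok in _SHELL_SEPARATORS)


def build_ping_argv_hardened(host: str) -> list[str]:
    """Hardened pattern: validate against a strict allow-list, then build an
    argv list for subprocess.run(argv) (shell=False). No shell parses the
    argument, and the validation rejects anything outside the expected
    grammar. Raises ValueError on rejected input."""
    if not _HOST_RE.fullmatch(host):
        raise ValueError(f"rejected host argument: {host!r}")
    return ["ping", "-c", "1", host]


if __name__ == "__main__":
    # Constructed inputs: one benign, one carrying a shell separator.
    for candidate in ("gateway.example.net", "10.0.0.1", "10.0.0.1; id"):
        vuln = build_ping_command_vulnerable(candidate)
        print(f"vulnerable builder -> {vuln!r} "
              f"(extra commands: {shell_would_run_extra_commands(vuln)})")
        try:
            print(f"hardened builder   -> {build_ping_argv_hardened(candidate)!r}")
        except ValueError as exc:
            print(f"hardened builder   -> {exc}")
```

The point for reviewers of embedded management CLIs is the one the CVSS vector makes: PR:H does not make input trusted. The hardened builder treats an administrator's argument exactly like an anonymous user's, because the damage of a shell escape is the same either way.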
HPE Aruba Networking has released software version 3.2.1.0 to address both vulnerabilities.
The company initiated automatic updates during the week of June 30, 2025, requiring no customer action for most deployments.
However, administrators can manually trigger updates through the Instant On app or web portal for immediate protection.
Importantly, these vulnerabilities exclusively affect HPE Networking Instant On Access Points, with Instant On Switches remaining unaffected.
HPE reports no known public discussion or exploit code targeting these specific vulnerabilities as of the advisory’s release date.
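For an administrator who needs to confirm the automatic update actually landed, the following added example (not HPE's tooling, and using no real Instant On API) triages a constructed device inventory against the advisory's version boundaries: Access Points at 3.2.0.1 and below are affected, 3.2.1.0 is the fix, and switches are out of scope. Versions are compared numerically component by component rather than as strings, so 3.2.0.1 correctly sorts below 3.2.1.0 and a version such as 3.10.0.0 is not mistaken for 3.1.x.

```python
# Constructed inventory triage against the HPE advisory's version boundaries.
# Not HPE's code; the inventory format below is an assumption for the example.

LAST_AFFECTED_VERSION = "3.2.0.1"   # advisory: "3.2.0.1 and below"
FIXED_VERSION = "3.2.1.0"           # advisory: fixed release

# Constructed sample inventory (hypothetical device names and versions).
SAMPLE_INVENTORY = [
    {"name": "ap-lobby",  "product": "ap",     "version": "3.2.0.1"},
    {"name": "ap-floor2", "product": "ap",     "version": "3.1.4.0"},
    {"name": "ap-lab",    "product": "ap",     "version": "3.2.1.0"},
    {"name": "ap-annex",  "product": "ap",     "version": "3.10.0.0"},
    {"name": "sw-core",   "product": "switch", "version": "3.2.0.1"},
]


def parse_version(version: str, width: int = 4) -> tuple[int, ...]:
    """Parse a dotted numeric version into an int tuple padded with zeros to
    `width` components, so that '3.2' and '3.2.0.0' compare equal and
    '3.10.0.0' > '3.2.0.1'. Raises ValueError on non-numeric input."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (width - len(nums))


def is_affected(product: str, version: str) -> bool:
    """True only for Instant On Access Points running the vulnerable range.
    Switches are unaffected per the advisory regardless of version."""
    if product != "ap":
        return False
    return parse_version(version) <= parse_version(LAST_AFFECTED_VERSION)


def devices_needing_update(inventory) -> list[str]:
    """Return the names of devices still on an affected version."""
    return [d["name"] for d in inventory if is_affected(d["product"], d["version"])]


def triage_report(inventory) -> dict[str, str]:
    """Map each device name to a short status string for a remediation list."""
    report = {}
    for d in inventory:
        if d["product"] != "ap":
            report[d["name"]] = "not in scope (not an Access Point)"
        elif is_affected(d["product"], d["version"]):
            report[d["name"]] = f"AFFECTED ({d['version']}): update to {FIXED_VERSION}"
        else:
            report[d["name"]] = f"ok ({d['version']})"
    return report


if __name__ == "__main__":
    for name, status in triage_report(SAMPLE_INVENTORY).items():
        print(f"{name:10s} {status}")
```

Run against a real export, the `devices_needing_update` list is the set to push manually through the Instant On app or web portal rather than waiting on the automatic rollout.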
The post HPE Alerts to Aruba Hardcoded Credential Flaws Allowing Auth Bypass appeared first on Cyber Security News.