
The security flaws, identified as CVE-2025-37165, CVE-2025-37166, CVE-2023-52340, and CVE-2022-48839, affect devices running software version 3.3.1.0 and earlier.
The vulnerabilities carry CVSS scores ranging from 5.5 to 7.5, with three rated as High severity. HPE released software version 3.3.2.0 to address these issues, and automatic updates began rolling out during the week of December 10, 2025.
Organizations using affected Instant On access points and switches should verify their firmware versions and ensure devices have received the security patch.
Technical Details of Vulnerabilities
The most critical vulnerability, CVE-2025-37165, exposes VLAN configuration information through unintended network interfaces when devices operate in router mode.
This flaw allows unauthenticated remote attackers to learn internal network topology and configuration details by inspecting affected packets, potentially facilitating reconnaissance for targeted attacks.
Daniel J. Blueman of Quora.org discovered this information disclosure vulnerability, which has a CVSS score of 7.5.
CVE-2025-37166 enables denial-of-service attacks by causing unexpected shutdowns in HPE Instant On Access Points.
When processing specially crafted packets, affected devices enter a non-responsive state that may require a physical hard reset to restore services.
Chelmar of GreyCortex reported this vulnerability, which also scores 7.5 on the CVSS scale due to its network-accessible, low-complexity exploitation path.
The remaining two vulnerabilities, CVE-2023-52340 and CVE-2022-48839, reside in the underlying OS kernel and affect IPv4 and IPv6 packet processing.
These flaws could trigger denial-of-service conditions and memory corruption during normal device operation.
While CVE-2023-52340 scores 7.5, CVE-2022-48839 has a lower CVSS score of 5.5 because it requires local access and privileges.
| CVE ID | Description | Severity | CVSS Score | Attack Vector | Impact |
|---|---|---|---|---|---|
| CVE-2025-37165 | VLAN information exposure in router mode configuration | High | 7.5 | Network | Information Disclosure |
| CVE-2025-37166 | Unexpected shutdown via crafted packets causing DoS | High | 7.5 | Network | Availability |
| CVE-2023-52340 | IPv4/IPv6 packet processing kernel vulnerability | High | 7.5 | Network | DoS/Memory Corruption |
| CVE-2022-48839 | IPv4/IPv6 packet processing kernel vulnerability | Medium | 5.5 | Local | DoS/Memory Corruption |
The security bulletin specifically identifies HPE Networking Instant On Access Points and Aruba Instant On 1930 Switch Series running software version 3.3.1.0 or earlier as vulnerable.
Other HPE Networking products are affected by these vulnerabilities. HPE has not provided workarounds for any of the four flaws, making patching the only viable mitigation strategy.
HPE Networking Instant On devices began receiving automatic updates to version 3.3.2.0 during the week of December 10, 2025.
Customers can manually trigger upgrades through the Instant On mobile application or web portal if devices have not yet updated.
HPE emphasizes that products reaching End of Support Life will not receive patches and urges customers to review support status in the company’s official documentation.
Network administrators should immediately inventory all HPE Networking Instant On devices and verify they have upgraded to version 3.3.2.0 or later.
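A check for the inventory step above, as an added example that is neither HPE's tooling nor code from the original article; it assumes a hand-built inventory list (the device names and versions are constructed) and compares each running version numerically against the 3.3.2.0 fixed release:

```python
from typing import List, NamedTuple, Tuple

# Fixed release named in the HPE bulletin; 3.3.1.0 and earlier are affected.
FIXED_VERSION = "3.3.2.0"


class Device(NamedTuple):
    name: str
    model: str
    version: str


def parse_version(version: str, width: int = 4) -> Tuple[int, ...]:
    """Turn a dotted firmware version into a zero-padded integer tuple.

    Numeric comparison matters: as strings, "3.3.10.0" sorts below "3.3.2.0",
    which would wrongly mark a newer build as still vulnerable.
    """
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts) or len(parts) > width:
        raise ValueError(f"malformed firmware version: {version!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (width - len(nums)))


def is_patched(version: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the running version is the fixed release or later."""
    return parse_version(version) >= parse_version(fixed)


def find_unpatched(devices: List[Device]) -> List[str]:
    """Return the names of inventory entries still running an affected version."""
    return [d.name for d in devices if not is_patched(d.version)]


# Constructed sample inventory (hypothetical names and versions, not from the bulletin).
SAMPLE_INVENTORY = [
    Device("ap-lobby-01", "Instant On AP", "3.3.1.0"),
    Device("ap-floor2-03", "Instant On AP", "3.3.2.0"),
    Device("sw-1930-core", "Instant On 1930 Switch", "3.2.0.0"),
    Device("ap-lab-07", "Instant On AP", "3.3.10.0"),
]

if __name__ == "__main__":
    for name in find_unpatched(SAMPLE_INVENTORY):
        print(f"{name}: affected version, upgrade to {FIXED_VERSION} or later")
```

Feed the real list exported from the Instant On portal into `find_unpatched` in place of the sample inventory; anything it returns has not received the 3.3.2.0 update.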
Organizations should monitor device logs for unexpected reboots or shutdowns that might indicate exploitation attempts.
While HPE reports no known public discussion or exploit code as of the advisory release date, the straightforward exploitation requirements make these vulnerabilities attractive targets for attackers.
Security teams should also review network segmentation strategies, as CVE-2025-37165 could expose VLAN configurations to unauthorized parties.
Implementing additional access controls and monitoring for suspicious packet patterns may help detect potential exploitation attempts until all devices are fully patched.
The post HPE Aruba Flaws Allow Unauthorized Access to Sensitive Data appeared first on Cyber Security News.
