CVE-2025-37159

EUVD-2025-198066
A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.8 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
hpeCNA
5.8 MEDIUM
LOCAL
LOW
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 13%
Affected Products (NVD)
VendorProductVersion
hpearubaos-cx
10.10.0000 ≤
𝑥
< 10.10.1170
hpearubaos-cx
10.13.0000 ≤
𝑥
< 10.13.1101
hpearubaos-cx
10.14.0000 ≤
𝑥
< 10.14.1060
hpearubaos-cx
10.15.0000 ≤
𝑥
< 10.15.1030
hpearubaos-cx
10.16.0000 ≤
𝑥
< 10.16.1001
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US