ArubaOS 8.10.x < 8.10.0.19 / 8.12.x < 8.12.0.6 / 8.13.x < 8.13.1.0 / 10.4.x < 10.4.1.9 / 10.7.x < 10.7.2.1 Multiple Vulnerabilities (HPESBNW04957)

Severity: High (Nessus Plugin ID 270710)

Synopsis

An application installed on the remote host is affected by multiple vulnerabilities.

Description

The version of ArubaOS installed on the remote host is affected by multiple vulnerabilities as referenced in the HPESBNW04957 advisory:

- An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system. (CVE-2025-37132)

- An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system. (CVE-2025-37133)

- Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system. (CVE-2025-37135)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the ArubaOS version mentioned in the vendor advisory.

See Also

http://www.nessus.org/u?2d0e55b7

Plugin Details

Severity: High

ID: 270710

File Name: arubaos-aruba-HPESBNW04957.nasl

Version: 1.1

Type: combined

Family: Misc.

Published: 10/17/2025

Updated: 10/17/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.4

CVSS v2

Risk Factor: High

Base Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2025-37132

CVSS v3

Risk Factor: High

Base Score: 7.2

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/o:arubanetworks:arubaos, cpe:/o:hp:arubaos

Required KB Items: installed_sw/ArubaOS

Patch Publication Date: 10/14/2025

Vulnerability Publication Date: 10/14/2025

Reference Information

CVE: CVE-2025-37132, CVE-2025-37133, CVE-2025-37134, CVE-2025-37135, CVE-2025-37136, CVE-2025-37137, CVE-2025-37138, CVE-2025-37139, CVE-2025-37140, CVE-2025-37141, CVE-2025-37142, CVE-2025-37143, CVE-2025-37144, CVE-2025-37145

IAVA: 2025-A-0774