CVE-2025-37123 is a high-severity vulnerability affecting Hewlett Packard Enterprise's Aruba Networking EdgeConnect SD-WAN Gateway, specifically versions 9.4.0.0 and 9.5.0.0. The vulnerability resides in the device's command-line interface (CLI), where an authenticated remote attacker can exploit improper privilege management to escalate their privileges. By successfully exploiting this flaw, the attacker can execute arbitrary system commands with root-level privileges on the underlying operating system. This means the attacker gains full control over the affected device, potentially allowing them to manipulate network traffic, alter configurations, disable security controls, or pivot to other internal systems. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with network attack vector, low attack complexity, and no user interaction required. The vulnerability is classified under CWE-269, indicating improper privilege management. No public exploits have been reported yet, and no official patches have been linked at the time of publication. Given the critical role of SD-WAN gateways in managing and securing enterprise network traffic, this vulnerability poses a significant risk to organizations relying on these devices for network connectivity and security enforcement.

For European organizations, the impact of CVE-2025-37123 can be substantial. SD-WAN gateways like HPE Aruba EdgeConnect are widely used in enterprise networks to optimize and secure WAN connectivity. An attacker gaining root access to these devices can intercept, modify, or disrupt network traffic, leading to data breaches, service outages, or lateral movement within the corporate network. Confidentiality is at risk as sensitive data traversing the SD-WAN could be exposed or manipulated. Integrity is compromised since attackers can alter configurations or inject malicious traffic. Availability may also be affected if attackers disrupt network services or cause device failures. This can impact critical business operations, especially for sectors like finance, healthcare, manufacturing, and government agencies in Europe that rely on secure and reliable network infrastructure. The requirement for authentication to exploit the vulnerability somewhat limits exposure but does not eliminate risk, as credential compromise or insider threats could enable exploitation. The lack of public exploits currently reduces immediate threat but organizations should act proactively given the high severity and potential for impactful attacks.

European organizations using HPE Aruba EdgeConnect SD-WAN Gateways should immediately verify their device versions and prioritize upgrading to patched versions once available. Until patches are released, organizations should implement strict access controls to the CLI, including limiting administrative access to trusted personnel and secure management networks. Employ multi-factor authentication (MFA) for all administrative accounts to reduce risk of credential compromise. Monitor device logs and network traffic for unusual activity indicative of privilege escalation attempts. Network segmentation should be enforced to isolate management interfaces from general user networks. Additionally, conduct regular audits of user privileges and remove unnecessary administrative rights. Employ intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous commands or behaviors on SD-WAN gateways. Finally, maintain up-to-date backups of device configurations to enable rapid recovery if compromise occurs.