CVE-2025-37128 is a vulnerability identified in the web API of Hewlett Packard Enterprise's Aruba Networking EdgeConnect SD-WAN Gateway, specifically affecting versions 9.4.0.0 and 9.5.0.0. This vulnerability allows an authenticated remote attacker to terminate arbitrary running processes on the affected device. The exploitation requires the attacker to have valid credentials (privileged or otherwise) to access the web API, and some user interaction is necessary to trigger the process termination. The vulnerability does not impact confidentiality or integrity directly but has a significant impact on availability, as terminating critical processes can disrupt system operations and potentially cause the device to enter an unstable state. Given the device's role as an SD-WAN gateway, which is critical for managing wide area network connectivity and security policies, disruption could lead to network outages or degraded performance. The CVSS 3.1 base score is 6.8, categorized as medium severity, reflecting the ease of network exploitation with low attack complexity but requiring privileges and user interaction, and the high impact on availability with no confidentiality or integrity loss. No known exploits are currently reported in the wild, and no patches are linked yet, indicating that mitigation may rely on access control and monitoring until official fixes are released.

For European organizations, this vulnerability poses a risk to network infrastructure stability and availability. SD-WAN gateways like the HPE Aruba EdgeConnect are often deployed in enterprise and service provider environments to optimize and secure WAN traffic. Disruption caused by process termination could lead to partial or complete loss of WAN connectivity, impacting business-critical applications, cloud access, and inter-office communications. This could result in operational downtime, loss of productivity, and potential financial losses. In sectors such as finance, healthcare, manufacturing, and government, where network availability is crucial, the impact could be significant. Moreover, the requirement for authentication means insider threats or compromised credentials could be leveraged to exploit this vulnerability. The instability caused by process termination might also complicate incident response and recovery efforts, increasing the risk of prolonged outages.

To mitigate this vulnerability, European organizations should implement strict access controls to the SD-WAN gateway management interfaces, ensuring that only authorized personnel have authenticated access. Multi-factor authentication (MFA) should be enforced to reduce the risk of credential compromise. Network segmentation and firewall rules should limit access to the web API to trusted management networks only. Continuous monitoring and logging of administrative access and process terminations on the device can help detect suspicious activity early. Until official patches are released by HPE, organizations should consider temporary compensating controls such as disabling unnecessary web API functions or restricting API usage to read-only where possible. Regularly updating credentials and conducting security awareness training for administrators can also reduce the risk of exploitation. Finally, organizations should stay alert for vendor advisories and apply patches promptly once available.