CVE-2025-37129 is a vulnerability identified in Hewlett Packard Enterprise's (HPE) Aruba Networking EdgeConnect SD-WAN Gateway, specifically affecting versions 9.4.0.0 and 9.5.0.0. The flaw resides in the command line interface (CLI) of the EdgeConnect SD-WAN product, where an authenticated attacker can exploit built-in script execution capabilities. This vulnerability is categorized under CWE-78, which relates to OS Command Injection. If the vulnerable feature is enabled without adequate security controls, an attacker with high-level privileges can execute arbitrary commands on the underlying operating system. The CVSS v3.1 base score is 6.7, indicating a medium severity level. The vector string (AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H) shows that the attack requires local access (AV:L), low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), and impacts confidentiality, integrity, and availability to a high degree (C:H/I:H/A:H). No known exploits have been reported in the wild yet, and no patches have been linked at the time of publication. The vulnerability's exploitation could allow an attacker to gain full control over the device's operating system, potentially leading to network disruption, data exfiltration, or further lateral movement within the network infrastructure. Given the critical role of SD-WAN gateways in managing enterprise network traffic, this vulnerability poses a significant risk if left unmitigated.

For European organizations, the exploitation of this vulnerability could have severe consequences. SD-WAN gateways like HPE Aruba EdgeConnect are integral to managing secure and efficient network connectivity across distributed sites. Successful exploitation could lead to unauthorized command execution on these gateways, potentially allowing attackers to disrupt network operations, intercept or manipulate sensitive data, and pivot to other internal systems. This could affect confidentiality, integrity, and availability of critical business communications and data flows. Organizations in sectors such as finance, healthcare, manufacturing, and government, which rely heavily on secure and resilient network infrastructure, could face operational downtime, regulatory compliance violations (e.g., GDPR breaches), and reputational damage. The requirement for high privileges and local access reduces the risk of remote exploitation but emphasizes the importance of internal security controls and monitoring to prevent privilege escalation and lateral movement by malicious insiders or compromised accounts.

To mitigate this vulnerability effectively, European organizations should: 1) Immediately verify if their HPE Aruba EdgeConnect SD-WAN Gateway devices are running affected versions 9.4.0.0 or 9.5.0.0. 2) Restrict access to the CLI interface strictly to trusted administrators and enforce the principle of least privilege to minimize the number of users with high-level access. 3) Implement robust authentication mechanisms, such as multi-factor authentication (MFA), for accessing the device management interfaces. 4) Monitor and audit CLI command usage and script execution logs for any suspicious or unauthorized activity. 5) Disable or restrict the built-in script execution feature if it is not essential for operational purposes. 6) Stay alert for official patches or firmware updates from HPE and apply them promptly once available. 7) Employ network segmentation to isolate SD-WAN gateways from less trusted network zones to limit the potential impact of a compromised device. 8) Conduct regular security assessments and penetration testing focusing on privileged access controls and command execution capabilities within network devices.