CVE-2025-37130 is a medium-severity vulnerability identified in Hewlett Packard Enterprise's (HPE) Aruba Networking EdgeConnect SD-WAN Gateway, specifically affecting versions 9.4.0.0 and 9.5.0.0. The vulnerability resides in the command-line interface (CLI) of the EdgeConnect SD-WAN Gateway, where an authenticated attacker with legitimate access privileges can exploit a flaw that allows reading arbitrary files from the underlying file system. This vulnerability is classified under CWE-552, which relates to exposure of sensitive information to an unauthorized actor. The vulnerability does not require user interaction beyond authentication, and the attacker does not need elevated privileges beyond those required to access the CLI. The CVSS v3.1 score is 6.5, reflecting a medium severity level, with a vector indicating network attack vector (AV:N), low attack complexity (AC:L), privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), high confidentiality impact (C:H), no integrity impact (I:N), and no availability impact (A:N). Successful exploitation enables an attacker to read sensitive data such as configuration files, credentials, or other confidential information stored on the device, potentially leading to further compromise or lateral movement within the network. No known exploits are currently reported in the wild, and no patches have been linked yet, indicating that mitigation may rely on vendor updates or configuration changes once available.

For European organizations, this vulnerability poses a significant risk, especially for enterprises and service providers relying on HPE Aruba EdgeConnect SD-WAN Gateways to manage their wide-area networks. The ability to read arbitrary files can expose sensitive configuration data, authentication credentials, or cryptographic keys, which could be leveraged to escalate privileges or conduct further attacks such as network interception or disruption. Given the critical role of SD-WAN in ensuring secure and reliable connectivity across distributed sites, exploitation could undermine network confidentiality and trust. This is particularly impactful for sectors with stringent data protection requirements under GDPR, such as finance, healthcare, and government agencies. The exposure of sensitive data could lead to regulatory penalties, reputational damage, and operational disruptions. Additionally, the medium severity and requirement for authenticated access mean that insider threats or compromised user accounts could be leveraged to exploit this vulnerability, increasing the risk profile for organizations with less stringent access controls or monitoring.

To mitigate this vulnerability effectively, European organizations should: 1) Immediately audit and restrict CLI access to the EdgeConnect SD-WAN Gateway, ensuring that only trusted administrators with a strict need-to-know have authenticated access. Implement multi-factor authentication (MFA) for CLI access to reduce the risk of compromised credentials being exploited. 2) Monitor and log all CLI access and commands executed on the device to detect anomalous or unauthorized file access attempts. 3) Apply network segmentation to isolate management interfaces of SD-WAN gateways from general network access, limiting exposure to potential attackers. 4) Engage with HPE support channels to obtain and apply security patches or firmware updates as soon as they become available. 5) Conduct regular vulnerability assessments and penetration testing focused on SD-WAN infrastructure to identify and remediate similar issues proactively. 6) Educate administrators about the risks of credential compromise and enforce strong password policies. 7) Consider deploying additional endpoint detection and response (EDR) solutions to monitor for lateral movement or unusual activity stemming from compromised SD-WAN devices.