CVE-2025-37135 identifies an arbitrary file deletion vulnerability within the command-line interface of Hewlett Packard Enterprise's ArubaOS (AOS), specifically impacting AOS-8 Controllers and Mobility Conductors. The affected versions include 8.10.0.0, 8.12.0.0, 8.13.0.0, 10.4.0.0, and 10.7.0.0. This vulnerability allows a remote attacker who has authenticated with high privileges to delete arbitrary files on the system, potentially compromising the integrity and availability of the device. The attack vector is network-based, requiring no user interaction, but it does require the attacker to have elevated privileges, which limits the attack surface to authorized users or those who have compromised credentials. The deletion of critical system or configuration files could disrupt network operations, cause denial of service, or force recovery procedures. Although no exploits have been reported in the wild, the vulnerability poses a significant risk to network infrastructure relying on ArubaOS for wireless and mobility management. The CVSS v3.1 score of 6.5 reflects a medium severity, balancing the ease of network access against the requirement for privileged authentication. The vulnerability was published on October 14, 2025, with the initial reservation date in April 2025. No patches or mitigation links are currently provided, emphasizing the need for vigilance and proactive security controls.

For European organizations, this vulnerability could lead to significant operational disruptions in enterprise wireless and mobility networks managed by ArubaOS devices. The arbitrary file deletion capability can compromise system integrity, potentially deleting configuration files or critical system components, resulting in service outages or degraded network performance. This could affect sectors reliant on continuous network availability such as finance, healthcare, manufacturing, and public services. Given the requirement for high-privilege authentication, the risk is elevated if credential compromise occurs or insider threats exist. The impact extends to potential downtime, increased incident response costs, and reputational damage. In regulated industries, such disruptions could also lead to compliance violations. The absence of known exploits currently reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. European organizations with large-scale ArubaOS deployments should consider this vulnerability a priority for risk management and incident preparedness.

1. Restrict administrative access to ArubaOS Controllers and Mobility Conductors by enforcing strict network segmentation and limiting management interface exposure to trusted networks only. 2. Implement strong multi-factor authentication (MFA) for all privileged accounts to reduce the risk of credential compromise. 3. Regularly audit and monitor privileged user activity and access logs for anomalous behavior indicative of misuse or compromise. 4. Apply principle of least privilege by ensuring users have only the necessary permissions to perform their roles, minimizing the number of accounts with high-level access. 5. Stay informed on HPE advisories and apply security patches or firmware updates promptly once released. 6. Develop and test incident response plans specific to ArubaOS device compromise scenarios, including recovery from file deletion events. 7. Employ network intrusion detection systems (NIDS) to detect unusual command-line interface activity or unauthorized file operations. 8. Consider deploying endpoint detection and response (EDR) solutions on management workstations to detect credential theft or lateral movement attempts. 9. Backup critical configuration files and system states regularly to enable rapid restoration if file deletion occurs. 10. Engage with HPE support to obtain guidance and early access to patches or workarounds.