CVE-2025-37155 is a vulnerability identified in the SSH restricted shell interface of Hewlett Packard Enterprise's Aruba Networking AOS-CX operating system, versions 10.10.0000 through 10.16.0000. The flaw arises from improper access control mechanisms that fail to adequately restrict the capabilities of authenticated users assigned read-only privileges. Specifically, an attacker who has legitimate read-only access to the network management services via SSH can exploit this vulnerability to escalate their privileges to administrator level, thereby gaining full control over the affected system. The vulnerability is categorized under CWE-284 (Improper Access Control), indicating a failure to enforce correct permission boundaries. The CVSS v3.1 base score is 7.8, reflecting a high severity level due to the combination of local attack vector (AV:L), low attack complexity (AC:L), low privileges required (PR:L), no user interaction (UI:N), unchanged scope (S:U), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). This means an attacker with limited access can fully compromise the device without needing additional user actions. The affected product, HPE Aruba Networking AOS-CX, is widely used in enterprise and service provider networks for managing switches and network infrastructure. The vulnerability could allow attackers to manipulate network configurations, intercept or redirect traffic, and disrupt network operations. No public exploits or patches are currently available, but the vulnerability has been officially published and reserved since April 2025. Given the critical role of network devices in organizational security, exploitation could have severe consequences.

For European organizations, the impact of CVE-2025-37155 is significant due to the widespread deployment of HPE Aruba Networking AOS-CX in enterprise, government, and telecom networks. Successful exploitation would allow attackers to escalate from read-only to full administrative privileges, enabling unauthorized configuration changes, interception of sensitive data, network disruption, and potential lateral movement within the network. This could compromise confidentiality of communications, integrity of network configurations, and availability of critical services. Sectors such as finance, healthcare, telecommunications, and public administration are particularly vulnerable due to their reliance on secure and stable network infrastructure. Additionally, the ability to escalate privileges without user interaction increases the risk of stealthy attacks and persistent threats. The absence of known exploits in the wild currently reduces immediate risk, but the high severity and ease of exploitation warrant urgent attention. European organizations must consider the potential for targeted attacks exploiting this vulnerability, especially in the context of increasing geopolitical tensions and cyber espionage activities targeting critical infrastructure.

1. Immediately audit all user accounts with read-only SSH access to HPE Aruba AOS-CX devices and restrict this access to only trusted personnel. 2. Implement strict role-based access controls (RBAC) and ensure that read-only users cannot execute commands beyond their intended scope. 3. Segment network management interfaces from general user networks to limit exposure of SSH services. 4. Monitor SSH sessions and logs for unusual activity indicative of privilege escalation attempts, such as unexpected command executions or session anomalies. 5. Apply network-level controls such as firewall rules and access control lists (ACLs) to restrict SSH access to management interfaces. 6. Stay in close contact with Hewlett Packard Enterprise for official patches or firmware updates addressing this vulnerability and plan for immediate deployment once available. 7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect suspicious behavior on network management protocols. 8. Conduct regular security training for network administrators to recognize and respond to potential exploitation attempts. 9. Develop and test incident response plans specifically addressing network device compromise scenarios. 10. Where possible, use multi-factor authentication (MFA) for administrative access to network devices to add an additional security layer.