CVE-2025-37159 is a vulnerability identified in the web management interface of Hewlett Packard Enterprise's Aruba Networking AOS-CX operating system, specifically within the user authentication service. The flaw allows an authenticated remote attacker with high privileges to hijack an active user session. This session hijacking could enable the attacker to maintain unauthorized access to the session, thereby potentially viewing or modifying sensitive configuration data on the network device. The vulnerability affects multiple versions of AOS-CX, ranging from 10.10.0000 to 10.16.0000, indicating a broad impact across recent releases. The CVSS 3.1 base score is 5.8, reflecting a medium severity level. The attack vector is local (AV:L), requiring the attacker to have network access to the management interface and to be authenticated with high privileges (PR:H). User interaction is required (UI:R), meaning the attacker must trick or collaborate with a legitimate user to exploit the vulnerability. The scope remains unchanged (S:U), and the impact is high on confidentiality and integrity (C:H/I:H) but does not affect availability (A:N). No known exploits have been reported in the wild as of the publication date. The vulnerability poses a risk of unauthorized disclosure and alteration of network device configurations, which could undermine network security and stability if exploited.

For European organizations, this vulnerability presents a significant risk to network security, especially for enterprises and service providers relying on HPE Aruba AOS-CX switches and network infrastructure. Unauthorized session hijacking could lead to exposure or manipulation of sensitive configuration data, potentially disrupting network policies, routing, and security controls. This could facilitate further attacks such as lateral movement, data exfiltration, or persistent unauthorized access. The impact is particularly critical for sectors with stringent data protection requirements such as finance, healthcare, and government. Given the medium severity and requirement for authenticated access, the threat is more relevant to insider threats or attackers who have already gained some level of network access. However, the potential for session hijacking elevates the risk of privilege escalation and prolonged compromise. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the need for proactive mitigation.

Organizations should prioritize the following mitigations: 1) Monitor HPE’s security advisories closely and apply patches or firmware updates for AOS-CX as soon as they become available to remediate the vulnerability. 2) Restrict access to the web management interface to trusted networks and IP addresses using network segmentation and firewall rules to minimize exposure. 3) Enforce strong authentication mechanisms, including multi-factor authentication (MFA), to reduce the risk of credential compromise. 4) Implement strict session management policies such as short session timeouts, session token invalidation on logout, and detection of concurrent sessions to limit session hijacking opportunities. 5) Conduct regular audits and monitoring of administrative sessions and configuration changes to detect anomalous activities promptly. 6) Educate administrators about phishing and social engineering risks to reduce the likelihood of user interaction exploitation. 7) Consider deploying network intrusion detection systems (NIDS) capable of identifying suspicious management interface traffic patterns. These steps, combined with vendor patches, will significantly reduce the attack surface and potential impact.