CVE-2025-37159 identifies a vulnerability in the web management interface of Hewlett Packard Enterprise's Aruba Networking AOS-CX operating system, specifically within the user authentication service. The flaw allows an authenticated remote attacker with high privileges to hijack an active user session. This session hijacking occurs due to improper handling of session tokens or authentication cookies, categorized under CWE-384 (Session Fixation). The attacker, after gaining initial authenticated access, can maintain unauthorized control over the session, bypassing normal session termination or re-authentication mechanisms. This persistent access enables the attacker to view or modify sensitive configuration data on the network device, potentially impacting network security posture. The vulnerability affects multiple AOS-CX versions from 10.10.0000 to 10.16.0000. The CVSS 3.1 vector indicates local attack vector (AV:L), low attack complexity (AC:L), high privileges required (PR:H), user interaction required (UI:R), unchanged scope (S:U), and high confidentiality and integrity impacts (C:H/I:H), but no impact on availability (A:N). No patches were linked at the time of publication, and no known exploits have been reported in the wild. This vulnerability is particularly concerning for environments relying heavily on Aruba AOS-CX for network management, as it could allow attackers to persistently manipulate network configurations.

For European organizations, exploitation of CVE-2025-37159 could lead to unauthorized persistent access to critical network infrastructure devices, specifically Aruba switches running AOS-CX. This could result in unauthorized disclosure of sensitive configuration data, manipulation of network policies, or insertion of malicious configurations that compromise network integrity and confidentiality. Such impacts could disrupt secure communications, enable lateral movement within corporate networks, or facilitate data exfiltration. Given the reliance on Aruba networking equipment in sectors such as finance, telecommunications, and government across Europe, the vulnerability poses a tangible risk to critical infrastructure and data privacy compliance obligations under regulations like GDPR. The requirement for high privileges and user interaction somewhat limits the attack surface but does not eliminate risk, especially in environments with multiple administrators or where credential compromise is possible. The absence of known exploits reduces immediate threat but underscores the importance of proactive mitigation.

1. Apply official patches or firmware updates from Hewlett Packard Enterprise as soon as they become available to address this vulnerability directly. 2. Restrict access to the AOS-CX web management interface to trusted administrative networks using network segmentation and firewall rules. 3. Enforce strong multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. 4. Regularly monitor active sessions and audit logs for unusual session behaviors or repeated authentication failures that could indicate session hijacking attempts. 5. Implement session timeout and re-authentication policies to limit the window of opportunity for session hijacking. 6. Educate administrators on phishing and social engineering risks that could lead to initial credential exposure. 7. Use network intrusion detection systems (NIDS) to detect anomalous management traffic patterns. 8. Limit the number of users with high privilege levels and regularly review user access rights. 9. Consider deploying network access control (NAC) solutions to enforce device compliance and restrict unauthorized devices from management networks.