CVE-2025-37168 is an arbitrary file deletion vulnerability identified in Hewlett Packard Enterprise's ArubaOS (AOS) 8 operating system, specifically affecting mobility conductors running versions 8.10.0.0 and 8.12.0.0. The vulnerability arises from a flaw in a system function that improperly handles file operations, allowing an unauthenticated remote attacker to delete arbitrary files on the device. This deletion capability can disrupt normal device operations, potentially leading to denial-of-service (DoS) conditions by removing critical system or configuration files. The vulnerability is remotely exploitable over the network without requiring any authentication or user interaction, increasing the risk of widespread exploitation. The CVSS v3.1 base score of 8.2 reflects a high severity, driven by the vulnerability's network attack vector, low complexity, no privileges required, and no user interaction needed. While confidentiality is not impacted, the integrity and availability of the affected systems are at significant risk. ArubaOS is widely deployed in enterprise wireless and mobility infrastructure, making this vulnerability particularly concerning for organizations relying on these devices for network access and management. No patches or known exploits are currently reported, but the vulnerability's characteristics suggest that exploitation could cause operational outages and service interruptions.

For European organizations, the impact of CVE-2025-37168 could be substantial, especially for those heavily reliant on HPE ArubaOS-based mobility conductors for wireless network infrastructure. Successful exploitation can lead to denial-of-service conditions, disrupting network availability and potentially halting critical business operations. This can affect sectors such as finance, healthcare, government, and telecommunications, where continuous network availability is essential. The arbitrary file deletion could also compromise device integrity, requiring time-consuming recovery or reconfiguration efforts. Given the unauthenticated and remote nature of the vulnerability, attackers could launch attacks from outside the network perimeter, increasing the threat surface. Disruptions in network access could also impact remote work capabilities and IoT device connectivity, which are increasingly important in European enterprises. The lack of known exploits in the wild currently provides a window for proactive mitigation, but the high severity score indicates that organizations should prioritize addressing this vulnerability to avoid potential operational and reputational damage.

1. Monitor Hewlett Packard Enterprise communications closely for official patches or firmware updates addressing CVE-2025-37168 and apply them immediately upon release. 2. Until patches are available, implement strict network segmentation to isolate ArubaOS mobility conductors from untrusted networks, minimizing exposure to remote attackers. 3. Restrict management interfaces and services to trusted IP addresses and use access control lists (ACLs) to limit network access to these devices. 4. Employ intrusion detection and prevention systems (IDS/IPS) to monitor for suspicious activity targeting ArubaOS devices, focusing on unusual file operations or deletion attempts. 5. Regularly back up device configurations and critical files to enable rapid restoration in case of file deletion or device compromise. 6. Harden device configurations by disabling unnecessary services and protocols that could be leveraged for exploitation. 7. Conduct network vulnerability scans and penetration tests focused on ArubaOS devices to identify potential exposure. 8. Train network administrators to recognize signs of exploitation and establish incident response procedures specific to ArubaOS device compromise. 9. Consider deploying network-level anomaly detection tools to identify unusual traffic patterns indicative of exploitation attempts. 10. Maintain an inventory of all ArubaOS devices and their firmware versions to ensure timely identification of affected systems.