CVE-2025-37168 identifies an arbitrary file deletion vulnerability within Hewlett Packard Enterprise's ArubaOS (AOS) versions 8.10.0.0 and 8.12.0.0, specifically affecting mobility conductors. ArubaOS is a widely deployed operating system for HPE's wireless networking devices, including controllers and conductors that manage wireless access points and network traffic. The vulnerability stems from insufficient validation in a system function that handles file operations, allowing an unauthenticated remote attacker to delete arbitrary files on the affected system. This deletion can disrupt critical system files, leading to denial-of-service (DoS) conditions by impairing device functionality or causing crashes. The CVSS v3.1 score of 8.2 reflects the vulnerability's high impact on integrity and availability, with no confidentiality impact. The attack vector is network-based (AV:N), requiring no privileges (PR:N) or user interaction (UI:N), making it relatively easy to exploit remotely. The vulnerability is classified under CWE-552, which relates to file deletion vulnerabilities that can undermine system stability. Although no public exploits have been reported yet, the potential for disruption in enterprise wireless infrastructure is significant, especially in environments where ArubaOS mobility conductors are critical for network operations. The lack of available patches at the time of reporting necessitates immediate risk mitigation through compensating controls. This vulnerability poses a threat to network availability and operational continuity, particularly in organizations relying heavily on Aruba wireless solutions for secure and reliable connectivity.

For European organizations, the impact of CVE-2025-37168 could be substantial, especially those in sectors such as telecommunications, finance, healthcare, and government that depend on ArubaOS-based wireless infrastructure for critical operations. Successful exploitation can lead to denial-of-service conditions, disrupting wireless network availability and potentially causing downtime in business-critical applications and services. This disruption could affect employee productivity, customer access, and operational continuity. Since the vulnerability allows unauthenticated remote attacks, threat actors could exploit it from outside the network perimeter, increasing the risk of widespread attacks. The integrity of the affected devices is compromised as arbitrary files can be deleted, potentially causing system instability or failure. Although confidentiality is not directly impacted, the loss of availability and integrity can indirectly affect data security and compliance with regulations such as GDPR if network outages prevent timely data access or processing. European organizations with large-scale deployments of ArubaOS mobility conductors are at higher risk, and the potential for cascading effects in interconnected network environments amplifies the threat.

1. Monitor Hewlett Packard Enterprise communications closely for official patches or firmware updates addressing CVE-2025-37168 and apply them promptly once released. 2. Implement network segmentation to isolate ArubaOS mobility conductors from untrusted networks and limit exposure to potential attackers. 3. Restrict management interfaces and control plane access to trusted administrative networks using access control lists (ACLs) and firewall rules. 4. Employ intrusion detection and prevention systems (IDS/IPS) to detect anomalous file deletion attempts or suspicious network traffic targeting ArubaOS devices. 5. Conduct regular backups of device configurations and critical system files to enable rapid recovery in case of successful exploitation. 6. Harden device configurations by disabling unnecessary services and interfaces to reduce the attack surface. 7. Enforce strict authentication and authorization policies for network management, even though this vulnerability does not require authentication, to reduce overall risk. 8. Perform continuous vulnerability scanning and penetration testing focused on ArubaOS devices to identify and remediate weaknesses proactively. 9. Educate network administrators about this vulnerability and encourage vigilance for unusual device behavior or network disruptions. 10. Consider deploying network anomaly detection solutions that can alert on unexpected device file operations or service interruptions.