CVE-2025-37175 is an arbitrary file upload vulnerability identified in Hewlett Packard Enterprise's ArubaOS (AOS) operating systems, specifically affecting mobility conductors running versions 8.10.0.0, 8.12.0.0, 10.3.0.0, and 10.6.0.0. The vulnerability resides in the web-based management interface, which is used by administrators to manage network devices. An authenticated attacker with high privileges can exploit this flaw by uploading arbitrary files to the system. This capability enables the attacker to execute arbitrary commands on the underlying operating system, effectively allowing full control over the affected device. The vulnerability does not require user interaction beyond authentication, and the attack vector is network-based, making it remotely exploitable. The CVSS v3.1 base score is 7.2, reflecting high severity due to the potential for complete compromise of the device’s confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the presence of this vulnerability in critical network infrastructure devices like mobility conductors poses a significant risk. ArubaOS mobility conductors are central to managing wireless network environments, and compromise could lead to interception or disruption of network traffic, lateral movement within enterprise networks, and persistent footholds for attackers. The lack of publicly available patches at the time of disclosure necessitates immediate risk mitigation through access control and monitoring until vendor updates are applied.

For European organizations, the impact of CVE-2025-37175 could be substantial, particularly for enterprises and service providers relying on ArubaOS mobility conductors to manage wireless network infrastructure. Exploitation could lead to unauthorized access to sensitive network management functions, enabling attackers to manipulate network configurations, intercept or redirect traffic, and deploy malware or ransomware. This threatens the confidentiality of communications, the integrity of network operations, and the availability of critical services. Sectors such as finance, healthcare, telecommunications, and government agencies are especially vulnerable due to their reliance on secure and reliable network infrastructure. Additionally, disruption or compromise of mobility conductors could facilitate broader network intrusions, impacting multiple connected systems. Given the high privileges required, insider threats or compromised administrative credentials could accelerate exploitation. The absence of known exploits in the wild provides a window for proactive defense, but the risk remains high due to the critical role of affected devices in enterprise networks.

1. Immediately restrict access to the ArubaOS web-based management interface to trusted administrators only, using network segmentation and VPNs where possible. 2. Enforce strong authentication mechanisms, including multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. 3. Monitor logs and network traffic for unusual file upload activities or command execution patterns indicative of exploitation attempts. 4. Implement strict role-based access control (RBAC) to limit the number of users with high privilege levels capable of exploiting this vulnerability. 5. Regularly audit administrative accounts and remove or disable unused or unnecessary accounts. 6. Apply vendor-provided patches and updates as soon as they become available to remediate the vulnerability. 7. Consider deploying intrusion detection/prevention systems (IDS/IPS) tuned to detect anomalous behavior related to file uploads or command execution on ArubaOS devices. 8. Maintain up-to-date backups of device configurations and critical data to enable rapid recovery in case of compromise. 9. Engage with HPE support and subscribe to security advisories to stay informed about patch releases and additional mitigation guidance.