CVE-2025-37185 is a stored cross-site scripting (XSS) vulnerability found in Hewlett Packard Enterprise's EdgeConnect SD-WAN Orchestrator versions 9.4.0 and 9.5.0. The vulnerability resides in the web-based management interface, which is used by administrators to configure and manage SD-WAN deployments. An authenticated attacker with high privileges can inject malicious script code that is stored persistently within the application. When an administrative user accesses the affected interface, the malicious script executes in their browser context. This can lead to unauthorized actions such as arbitrary configuration changes on the orchestrator host, potentially undermining the integrity and confidentiality of the network management environment. The attack vector is network-based and requires no user interaction beyond the administrator accessing the interface. The CVSS 3.1 base score is 5.5, reflecting medium severity, with the vector indicating network attack vector, low attack complexity, high privileges required, no user interaction, and impact on confidentiality and integrity but not availability. No public exploits or patches were reported at the time of disclosure, but the vulnerability poses a risk to organizations relying on HPE EdgeConnect for SD-WAN orchestration.

For European organizations, this vulnerability could lead to unauthorized configuration changes in SD-WAN environments, potentially disrupting secure and reliable network connectivity. Compromise of the orchestrator could allow attackers to manipulate routing policies, intercept or redirect traffic, or degrade network performance. This threatens the confidentiality and integrity of sensitive data traversing the SD-WAN. Critical sectors such as finance, healthcare, and government that depend on secure network management could face increased risk of data breaches or operational disruptions. The requirement for high-privilege authentication limits the attack surface but insider threats or compromised credentials could be leveraged. The lack of availability impact reduces the risk of denial-of-service, but the integrity and confidentiality impacts remain significant. European organizations with large-scale SD-WAN deployments should consider this vulnerability a serious risk to their network management security posture.

1. Apply vendor-provided patches or updates for EdgeConnect SD-WAN Orchestrator as soon as they become available. 2. Restrict access to the management interface using network segmentation, VPNs, or IP whitelisting to limit exposure to trusted administrators only. 3. Enforce strong multi-factor authentication (MFA) for all administrative accounts to reduce the risk of credential compromise. 4. Regularly audit and monitor administrative actions and configuration changes for signs of unauthorized activity. 5. Implement Content Security Policy (CSP) headers and input validation on the management interface to reduce the risk of XSS exploitation. 6. Educate administrators about phishing and credential security to prevent account takeover. 7. Consider deploying web application firewalls (WAF) that can detect and block XSS payloads targeting the management interface. 8. Maintain an incident response plan that includes procedures for SD-WAN orchestrator compromise scenarios.