Multiple High-Severity Vulnerabilities Found in HPE Aruba Networking EdgeConnect SD-WAN Gateways

HPE Aruba Networking has released patches addressing multiple high- and medium-severity vulnerabilities in its EdgeConnect SD-WAN Gateways, warning that successful exploitation could lead to privilege escalation, unauthorized access, remote code execution, and disruption of critical network services.

The Most Critical Vulnerabilities

CVE-2025-37123 – Authenticated Command Injection (CVSS 8.8)

A flaw in the command-line interface could allow an authenticated attacker to execute arbitrary system commands with root privileges. The advisory warns, “Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on the underlying operating system.”

CVE-2025-37124 – Unauthenticated Access Vulnerability (CVSS 8.6)

This bug allows attackers to bypass firewall protections, misrouting traffic through the internal network without authentication. “Successful exploitation could allow an attacker to route potentially harmful traffic through to the internal network, leading to unauthorized access or disruption of services.”

CVE-2025-37125 – Broken Access Control in Firewall Configuration (CVSS 7.5)

Improper firewall enforcement could allow attackers to bypass protections, mishandling unauthorized traffic.

CVE-2025-37126 – Authenticated Remote Code Execution (CVSS 7.2)

Authenticated attackers could run arbitrary commands as root on the underlying OS via the CLI.

CVE-2025-37127 – Authenticated Replay Attack (CVSS 7.2)

A cryptographic flaw could allow authenticated attackers to gain shell access and execute arbitrary commands, potentially leading to full system compromise.

Medium-Severity Vulnerabilities

Several medium-severity flaws were also identified:

CVE-2025-37128: Arbitrary process termination in the web API could destabilize systems (CVSS 6.8).

CVE-2025-37129: CLI script execution feature could allow authenticated remote code execution (CVSS 6.7).

CVE-2025-37130: Arbitrary file enumeration in the OS (CVSS 6.5).

CVE-2025-37131: Arbitrary file read leading to potential data exfiltration (CVSS 4.9).

Mitigation Guidance

HPE Aruba Networking advises customers to upgrade to the following versions to address all vulnerabilities within this advisory, unless otherwise specified in the Details section. These builds and branches will fix all vulnerabilities listed above:

HPE Aruba Networking recommends several steps to reduce risk until systems are patched:

• “Restrict the CLI and web-based management interfaces to a dedicated layer 2 segment/VLAN and/or controlled by firewall policies at layer 3 and above.”
• Configure IP allow-listing for local users and API keys.
• Use RADIUS or TACACS for user authentication.
• Route management traffic through secure SD-WAN tunnels.

Related Posts:

• HPE Aruba Networking Addresses Severe Vulnerabilities in Access Points
• VMware SD-WAN Vulnerabilities Pose Risk to Network Security, Patches Released
• CVSS 9.8 Vulnerabilities Expose Aruba Access Points to RCE: HPE Urges Immediate Action
• Cisco SD-WAN Vulnerabilities: PoC Exists for XSS and Filter Bypass
• CVSS 9.8 Alert: Critical Flaws in HPE Insight Remote Support Enable RCE & File Access