CVE-2025-37128

Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS

CVSS 6.8 MEDIUMEPSS 0.3%CWE-250

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Affected products

Hewlett Packard Enterprise (HPE) · HPE Aruba Networking EdgeConnect SD-WAN Gateway

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US