CVE-2025-37128

Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS

CVSS 6.8 MEDIUMEPSS 0.3%CWE-250

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H

Productos afectados

Hewlett Packard Enterprise (HPE) · HPE Aruba Networking EdgeConnect SD-WAN Gateway

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US