CVE-2025-37159

Medium CVSS: 5.8

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.

Vendor

Hpe

Product

Arubaos-cx

CWE

CWE-384

Yayın Tarihi

2025-11-18 19:15:47

Güncelleme

2025-12-04 18:19:18

Source Identifier

security-alert@hpe.com

KEV Date Added

Kategoriler

CWE-384 Arubaos-cx MEDIUM Hpe 2025

Referanslar

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Benzer Kayıtlar

Medium

CVE-2026-23597

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

Medium

CVE-2026-23598

Vulnerabilities in the API error handling of an HPE Aruba Networking 5G Core server API could allow an unauthenticated…

High

CVE-2026-23595

An authentication bypass in the application API allows an unauthorized administrative account to be created. A remote at…

Medium

CVE-2026-23596

A vulnerability in the management API of the affected product could allow an unauthenticated remote attacker to trigger…

Critical

CVE-2025-37164

A remote code execution issue exists in HPE OneView.

Medium

CVE-2025-37160

A broken access control (BAC) vulnerability in the web-based management interface could allow an authenticated remote at…