ArubaOS (AOS) — Vulnerabilities & Security Advisories 29

All 29 CVE vulnerabilities found in ArubaOS (AOS), with AI-generated Chinese analysis, references, and POCs.

Vendor: Hewlett Packard Enterprise (HPE)

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-37179 | Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System | 5.3 | Medium | 2026-01-13 |
| CVE-2025-37178 | Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System | 5.3 | Medium | 2026-01-13 |
| CVE-2025-37177 | Authenticated Arbitrary File Deletion Vulnerability in AOS-10 or AOS-8 Command Line Interface (CLI) | 6.5 | Medium | 2026-01-13 |
| CVE-2025-37176 | Authenticated Command Injection Vulnerability in an AOS-8 operating system's internal workflow | 6.5 | Medium | 2026-01-13 |
| CVE-2025-37175 | Authenticated Arbitrary File Upload Vulnerability in AOS-10 or AOS-8 Web-Based Management Interface | 7.2 | High | 2026-01-13 |
| CVE-2025-37174 | Authenticated Arbitrary File Write Vulnerability in AOS 10 and AOS-8 Web-Based Management Interface | 7.2 | High | 2026-01-13 |
| CVE-2025-37173 | Improper Input Handling Vulnerability in Authenticated Configuration API Endpoint (AOS-10/AOS-8 Web UI) | 7.2 | High | 2026-01-13 |
| CVE-2025-37172 | Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface | 7.2 | High | 2026-01-13 |
| CVE-2025-37171 | Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface | 7.2 | High | 2026-01-13 |
| CVE-2025-37170 | Authenticated Command Injection Vulnerabilities in AOS-8 Web-Based Management Interface | 7.2 | High | 2026-01-13 |
| CVE-2025-37169 | Stack Overflow Vulnerability in AOS-10 Web-Based Management Interface | 7.2 | High | 2026-01-13 |
| CVE-2025-37168 | Unauthenticated Arbitrary File Deletion Vulnerability in AOS-8 Operating System | 8.2 | High | 2026-01-13 |
| CVE-2025-37145 | Authenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface | 4.9 | Medium | 2025-10-14 |
| CVE-2025-37144 | Authenticated Arbitrary File Download Vulnerabilities in a Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface | 4.9 | Medium | 2025-10-14 |
| CVE-2025-37143 | Authenticated Arbitrary File Download Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web Interface (Physical Access Required) | 4.9 | Medium | 2025-10-14 |
| CVE-2025-37142 | Authenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management Interface | 4.9 | Medium | 2025-10-14 |
| CVE-2025-37141 | Authenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management Interface | 4.9 | Medium | 2025-10-14 |
| CVE-2025-37140 | Authenticated Arbitrary File Download Vulnerabilities in CLI Binary of AOS-8 Controller/Mobility Conductor Web-Based Management Interface | 4.9 | Medium | 2025-10-14 |
| CVE-2025-37139 | Vulnerability in AOS firmware allows for Authenticated Local malicious actor to Permanently Disable Boot | 6.0 | Medium | 2025-10-14 |
| CVE-2025-37138 | Authenticated Command Injection Vulnerability in CLI Binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface (Physical Access Required) | 6.2 | Medium | 2025-10-14 |
| CVE-2025-37137 | Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37136 | Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37135 | Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37134 | Authenticated Command Injection Vulnerability in the Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface | 7.2 | High | 2025-10-14 |
| CVE-2025-37133 | Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binary along with accounting controls for tracking and logging user activities and resource usage. | 7.2 | High | 2025-10-14 |
| CVE-2025-37132 | Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write | 7.2 | High | 2025-10-14 |
| CVE-2025-37148 | Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37147 | Secure Boot Bypass allows for Compromise of Hardware Root of Trust | 7.1 | High | 2025-10-14 |
| CVE-2025-37146 | Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution | 7.2 | High | 2025-10-14 |

All 29 known CVE vulnerabilities affecting ArubaOS (AOS) with full Chinese analysis, references, and POCs where available.