Aruba Products Multiple Vulnerabilities

Release Date: 18 Sep 2025

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit this vulnerability to trigger security restriction bypass, sensitive information disclosure, data manipulation and remote code execution on the targeted system.

---

Impact

• Remote Code Execution
• Data Manipulation
• Information Disclosure
• Security Restriction Bypass

---

System / Technologies affected

HPE Aruba Networking EdgeConnect SD-WAN Gateways running:

 

• 9.5.x.x: 9.5.3.x and below
• 9.4.x.x: 9.4.3.x and below
• EdgeConnect OS (ECOS) 9.3.x.x was declared out of Maintenance as of June 30, 2025. All builds of this version are affected unless otherwise noted.HPE Aruba Networking EdgeConnect SD-WAN 9.2.x.x: all release streams of this version and older are affected and out of maintenance. HPE Aruba Networking EdgeConnect SD-WAN software versions that are end of maintenance are affected by these vulnerabilities unless otherwise indicated.

 

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US

---

Vulnerability Identifier

• CVE-2025-37123
• CVE-2025-37124
• CVE-2025-37125
• CVE-2025-37126
• CVE-2025-37127
• CVE-2025-37128
• CVE-2025-37129
• CVE-2025-37130
• CVE-2025-37131

---

Source

• Aruba

---

Related Link

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US