Aruba Products Multiple Vulnerabilities

Release Date: 15 Jan 2026

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Aruba Products. A remote attacker could exploit these vulnerabilities to trigger denial of service condition, security restriction bypass, data manipulation and remote code execution on the targeted system.

---

Impact

• Remote Code Execution
• Data Manipulation
• Security Restriction Bypass
• Denial of Service

---

System / Technologies affected

• AOS-10.7.x.x: 10.7.2.1 and below
• AOS-10.4.x.x: 10.4.1.9 and below
• AOS-8.13.x.x: 8.13.1.0 and below
• AOS-8.10.x.x: 8.10.0.20 and below

 

HPE Aruba Networking End of Maintenance (EoM) Software Version(s):

 

• AOS-10.6.x.x: all
• AOS-10.5.x.x: all
• AOS-10.3.x.x: all
• AOS-8.12.x.x: all
• AOS-8.11.x.x: all
• AOS-8.9.x.x: all
• AOS-8.8.x.x: all
• AOS-8.7.x.x: all
• AOS-8.6.x.x: all
• AOS-6.5.4.x: all
• SD-WAN 8.7.0.0-2.3.0.x: all
• SD-WAN 8.6.0.4-2.2.x.x: all

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US

Note: End of Maintenance (EoM) versions are not addressed by the provided solution.

---

Vulnerability Identifier

• CVE-2025-37168
• CVE-2025-37169
• CVE-2025-37170
• CVE-2025-37171
• CVE-2025-37172
• CVE-2025-37173
• CVE-2025-37174
• CVE-2025-37175
• CVE-2025-37176
• CVE-2025-37177
• CVE-2025-37178
• CVE-2025-37179

---

Source

• Aruba

---

Related Link

• https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US