Cyber Resilience

CVE-2025-37123

High

Published: 16 September 2025

Published
16 September 2025
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0033 55.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-37123 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Hpe (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068); ranked in the top 44.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2025-37123 is a privilege escalation vulnerability in the command-line interface (CLI) of HPE Aruba Networking EdgeConnect SD-WAN Gateways. It enables an authenticated remote attacker to gain elevated privileges, potentially allowing execution of arbitrary system commands with root privileges on the underlying operating system. The vulnerability is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-269 (Improper Privilege Management). It was published on 2025-09-16.

An attacker with low-privilege authenticated remote access (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N) required. Successful exploitation grants root-level access, enabling high-impact confidentiality, integrity, and availability compromises, such as full system takeover on affected gateways.

HPE has published a security advisory with mitigation details at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US.

EU & UK References

Vulnerability details

A vulnerability in the command-line interface of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to escalate privileges. Successful exploitation of this vulnerability may enable the attacker to execute arbitrary system commands with root privileges on…

more

the underlying operating system.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
T1059.008 Network Device CLI Execution
Adversaries may abuse scripting or built-in command line interpreters (CLI) on network devices to execute malicious command and payloads.
Why these techniques?

Direct privilege escalation via authenticated network CLI access enabling root-level arbitrary command execution on network device.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-44250Shared CWE-269
CVE-2024-53706Shared CWE-269
CVE-2025-66374Shared CWE-269
CVE-2026-28995Shared CWE-269
CVE-2025-43199Shared CWE-269
CVE-2025-36640Shared CWE-269
CVE-2025-8899Shared CWE-269
CVE-2024-47770Shared CWE-269
CVE-2025-24254Shared CWE-269
CVE-2025-27639Shared CWE-269

Affected Assets

Hpe
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters CWE-269 Improper Privilege Management by enforcing least privilege for accounts and processes, preventing low-privilege authenticated users from escalating to root via the CLI vulnerability.

prevent

Requires timely flaw remediation, directly addressing the specific privilege escalation vulnerability in the HPE Aruba EdgeConnect SD-WAN Gateway CLI by applying vendor patches.

prevent

Mandates enforcement mechanisms for access control policies that block unauthorized privilege escalations from low-privilege remote CLI sessions to root-level command execution.

References