CVE-2025-37174

High

Published: 13 January 2026

Published

13 January 2026

Modified

23 January 2026

KEV Added

—

Patch

—

CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS Score 0.0006 18.6th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-37174 is a high-severity Insecure Inherited Permissions (CWE-277) vulnerability in Arubanetworks Arubaos. Its CVSS base score is 7.2 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 18.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190) and 2 other techniques.

Threat & Defense Details

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

T1059 Command and Scripting Interpreter Execution

Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.

attack.mitre.org →

T1100 Web Shell Persistence

A Web shell is a Web script that is placed on an openly accessible Web server to allow an adversary to use the Web server as a gateway into a network.

attack.mitre.org →

Why these techniques?

Web management interface vuln enables public-facing app exploitation (T1190); arbitrary file write + command exec directly supports web shell deployment (T1100) and command/script execution (T1059) as privileged user.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as…

a privileged user on the underlying operating system.

Deeper analysisAI

An authenticated arbitrary file write vulnerability, tracked as CVE-2025-37174, exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Published on 2026-01-13, this flaw corresponds to CWE-277 and carries a CVSS v3.1 base score of 7.2 (AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H), indicating high confidentiality, integrity, and availability impacts with network accessibility and low attack complexity.

The vulnerability can be exploited by an authenticated malicious actor possessing high privileges. Successful exploitation enables the attacker to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating system, potentially resulting in full system compromise.

Mitigation guidance is provided in the HPE security advisory available at https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US.

Details

CWE(s): CWE-277

Affected Products

arubanetworks

arubaos

6.5.4.0 — 8.10.0.21 · 8.11.0.0 — 8.13.1.1 · 10.3.0.0 — 10.4.1.10

CVEs Like This One

CVE-2025-37175Same product: Arubanetworks Arubaos

CVE-2025-37173Same product: Arubanetworks Arubaos

CVE-2025-37169Same product: Arubanetworks Arubaos

CVE-2025-37172Same product: Arubanetworks Arubaos

CVE-2025-37176Same product: Arubanetworks Arubaos

CVE-2025-37170Same product: Arubanetworks Arubaos

CVE-2025-37171Same product: Arubanetworks Arubaos

CVE-2025-37168Same product: Arubanetworks Arubaos

CVE-2025-37178Same product: Arubanetworks Arubaos

CVE-2025-37181Same vendor: Arubanetworks

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US
Vendor Advisory · security-alert@hpe.com