Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2025-37159

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.

Published: Nov 18, 2025
Updated: Nov 19, 2025
CVE: CVE-2025-37159
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.8
AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N

CWEs:

CWE-384

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
hpe / arubaos-cx	10.10.0000	10.10.1170
hpe / arubaos-cx	10.13.0000	10.13.1101
hpe / arubaos-cx	10.14.0000	10.14.1060
hpe / arubaos-cx	10.15.0000	10.15.1030
hpe / arubaos-cx	10.16.0000	10.16.1001

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo