Vulnerability Database

322,904

Total vulnerabilities in the database

CVE-2025-37184

A vulnerability exists in an Orchestrator service that could allow an unauthenticated remote attacker to bypass multi-factor authentication requirements. Successful exploitation could allow an attacker to create an admin user account without the necessary multi-factor authentication, thereby compromising the integrity of secured access to the system.

Published: Jan 14, 2026
Updated: Jan 15, 2026
CVE: CVE-2025-37184
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWEs:

CWE-287

OWASP TOP 10:

A2 - Broken Authentication

Affected Software
References

Software	From	Fixed in
arubanetworks / edgeconnect_sd-wan_orchestrator	9.2.0	9.2.10.x
arubanetworks / edgeconnect_sd-wan_orchestrator	9.3.0	9.3.6
arubanetworks / edgeconnect_sd-wan_orchestrator	9.4.0	9.4.3
arubanetworks / edgeconnect_sd-wan_orchestrator	9.5.0	9.5.6
arubanetworks / edgeconnect_sd-wan_orchestrator	9.6.0	9.6.0.x

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04992en_us&docLocale=en_US

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo