Total
194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-37169 | 1 Arubanetworks | 1 Arubaos | 2026-02-25 | N/A | 7.2 HIGH |
|
A stack overflow vulnerability exists in the AOS-10 web-based management interface of a Mobility Gateway. Successful exploitation could allow an authenticated malicious actor to execute arbitrary code as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37161 | 1 Arubanetworks | 1 Arubaos | 2026-02-13 | N/A | 7.5 HIGH |
|
A vulnerability in the web-based management interface of affected products could allow an unauthenticated remote attacker to cause a denial of service. Successful exploitation could allow an attacker to crash the system, preventing it from rebooting without manual intervention and disrupting network operations.
|
|||||
| CVE-2025-37162 | 1 Arubanetworks | 1 Arubaos | 2026-02-13 | N/A | 6.5 MEDIUM |
|
A vulnerability in the command line interface of affected devices could allow an authenticated remote attacker to conduct a command injection attack. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
|
|||||
| CVE-2025-37170 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37171 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37172 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37173 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
An improper input handling vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor with valid credentials to trigger unintended behavior on the affected system.
|
|||||
| CVE-2025-37174 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Authenticated arbitrary file write vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to create or modify arbitrary files and execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37175 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 7.2 HIGH |
|
Arbitrary file upload vulnerability exists in the web-based management interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files as a privilege user and execute arbitrary commands on the underlying operating system.
|
|||||
| CVE-2025-37176 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 6.5 MEDIUM |
|
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privileges of the impacted mechanism.
|
|||||
| CVE-2025-37177 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 6.5 MEDIUM |
|
An arbitrary file deletion vulnerability has been identified in the command-line interface of mobility conductors running either AOS-10 or AOS-8 operating systems. Successful exploitation of this vulnerability could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37178 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 5.3 MEDIUM |
|
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
|
|||||
| CVE-2025-37179 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 5.3 MEDIUM |
|
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
|
|||||
| CVE-2025-37168 | 1 Arubanetworks | 1 Arubaos | 2026-01-23 | N/A | 8.2 HIGH |
|
Arbitrary file deletion vulnerability have been identified in a system function of mobility conductors running AOS-8 operating system. Successful exploitation of this vulnerability could allow an unauthenticated remote malicious actor to delete arbitrary files within the affected system and potentially result in denial-of-service conditions on affected devices.
|
|||||
| CVE-2025-37135 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
|
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37136 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
|
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37137 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.5 MEDIUM |
|
Arbitrary file deletion vulnerabilities have been identified in the command-line interface of an AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated remote malicious actor to delete arbitrary files within the affected system.
|
|||||
| CVE-2025-37138 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 6.2 MEDIUM |
|
An authenticated command injection vulnerability exists in the command line interface binary of AOS-10 GW and AOS-8 Controllers/Mobility Conductor operating system. Exploitation of this vulnerability requires physical access to the hardware controllers. A successful attack could allow an authenticated malicious actor with physical access to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37140 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37141 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37142 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in the CLI binary of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-27085 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Multiple vulnerabilities exist in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor. Successful exploitation of these vulnerabilities could allow an authenticated, remote attacker to download arbitrary files from the filesystem of an affected device.
|
|||||
| CVE-2025-27084 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 5.4 MEDIUM |
|
A vulnerability in the Captive Portal of an AOS-10 GW and AOS-8 Controller/Mobility Conductor could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack. Successful exploitation could enable the attacker to execute arbitrary script code in the victim's browser within the context of the affected interface.
|
|||||
| CVE-2025-27082 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
Arbitrary File Write vulnerabilities exist in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated attacker to upload arbitrary files and execute arbitrary commands on the underlying host operating system.
|
|||||
| CVE-2025-27083 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the AOS-10 GW and AOS-8 Controller/Mobility Conductor web-based management interface. Successful exploitation of these vulnerabilities allows an Authenticated attacker to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37143 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
An arbitrary file download vulnerability exists in the web-based management interface of AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an Authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37144 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37145 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 4.9 MEDIUM |
|
Arbitrary file download vulnerabilities exist in a low-level interface library in AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to download arbitrary files through carefully constructed exploits.
|
|||||
| CVE-2025-37132 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
An arbitrary file write vulnerability exists in the web-based management interface of both the AOS-10 GW and AOS-8 Controller/Mobility Conductor operating systems. Successful exploitation could allow an authenticated malicious actor to upload arbitrary files and execute arbitrary commands on the underlying operating system.
|
|||||
| CVE-2025-37133 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2025-37134 | 1 Arubanetworks | 1 Arubaos | 2025-11-12 | N/A | 7.2 HIGH |
|
An authenticated command injection vulnerability exists in the CLI binary of an AOS-8 Controller/Mobility Conductor operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2024-25616 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 3.7 LOW |
|
Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.
|
|||||
| CVE-2024-25615 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.3 MEDIUM |
|
An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.
|
|||||
| CVE-2024-25614 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.5 MEDIUM |
|
There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.
|
|||||
| CVE-2024-25613 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2024-25612 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2024-25611 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 7.2 HIGH |
|
Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.
|
|||||
| CVE-2024-33513 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.9 MEDIUM |
|
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
|
|||||
| CVE-2024-33514 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.3 MEDIUM |
|
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
|
|||||
| CVE-2024-33515 | 1 Arubanetworks | 1 Arubaos | 2025-07-28 | N/A | 5.3 MEDIUM |
|
Unauthenticated Denial-of-Service (DoS) vulnerabilities exist in the AP Management service accessed via the PAPI protocol. Successful exploitation of these vulnerabilities results in the ability to interrupt the normal operation of the affected service.
|
|||||