HPE Aruba Network Flaw Exposes Sensitive Data to Potential Hackers
HPE Aruba Networking has issued a critical security advisory regarding a high-severity vulnerability in its Private 5G Core Platform.
Tracked as CVE-2025-37100, the flaw enables unauthorized access to sensitive system files, posing a significant risk to enterprise confidentiality and infrastructure integrity.
This security bulletin outlines the technical details, risk factors, and remediation steps for affected organizations.
Vulnerability Overview and Technical Details
The vulnerability resides in the API implementation of HPE Aruba Networking Private 5G Core, specifically affecting software versions from 1.24.1.0 through 1.25.1.0.
Due to improper access controls (CWE-284), a remote authenticated user can bypass security restrictions to navigate the filesystem and download protected system files containing sensitive information.
The attack vector is network-based, meaning exploitation can occur remotely if the attacker has valid credentials or can otherwise authenticate to the system.
The vulnerability was discovered during internal penetration testing, and as of the advisory’s release, there is no evidence of public exploit code or active exploitation in the wild.
CVSSv3.1 Score and Vector:
- Score: 7.7 (High)
- Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
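This indicates that the vulnerability is remotely exploitable over the network (AV:N), has low attack complexity (AC:L), and requires only low-privileged authentication (PR:L) and no user interaction (UI:N). It has a high impact on confidentiality (C:H) and no direct impact on integrity or availability (I:N/A:N). The changed scope (S:C) means the impact can extend beyond the vulnerable component itself.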
Risk Analysis and Impact
The exposure of sensitive system files, such as configuration data, authentication secrets, and operational logs, can lead to further compromise of the private 5G infrastructure.
An attacker could leverage stolen information to escalate privileges, conduct lateral movement, or disrupt critical services.
Below is a risk factor table summarizing the key aspects of the vulnerability:
Risk Factor | Description |
---|---|
CVE ID | CVE-2025-37100 |
Severity | High (CVSSv3.1: 7.7) |
Affected Versions | HPE Aruba Networking Private 5G Core 1.24.1.0 to 1.25.1.0 |
Attack Vector | Network |
Authentication Required | Low-privileged credentials |
Impact | Arbitrary file download, unauthorized access to sensitive files |
Exploit Availability | None known as of advisory release |
Patch Available | Yes (Version 1.25.1.1 and above) |
Workaround | Disable the ‘Terminal’ service via GUI |
Mitigation and Remediation
HPE Aruba Networking has released version 1.25.1.1 to address this vulnerability.
Organizations are strongly advised to upgrade to this version or later to protect their systems from potential exploitation.
Immediate Workaround:
Until the patch can be applied, HPE recommends disabling the ‘Terminal’ service through the platform’s graphical user interface:
- Navigate to: System > Services in the GUI.
- Toggle the ‘Terminal’ service to disabled or click the stop button.
This action reduces the attack surface by limiting access to vulnerable API endpoints.
Additional Security Recommendations:
- Restrict API Access: Ensure that the API is only accessible from within the local network, minimizing exposure to external threats.
- Monitor for Unusual Activity: Implement logging and monitoring to detect unauthorized access attempts.
- Review Access Controls: Regularly audit user permissions and access policies to prevent privilege escalation.
CVE-2025-37100 represents a significant threat to organizations running HPE Aruba Networking Private 5G Core software.
The ability for an attacker to remotely download sensitive system files underscores the importance of timely patching and robust access controls.
HPE’s advisory provides clear guidance for mitigation, and organizations should act swiftly to apply updates and implement recommended security measures.
For further support or to report security concerns, contact HPE’s Product Security Response Team via email or the official web portal.
Stay vigilant and review security procedures regularly to maintain the integrity of critical network infrastructure.