Vulnerability uncovered in commonly used HPE Aruba Wi-Fi equipment

HPE has issued a warning about two critical vulnerabilities found in their Aruba Instant On Access Points. The first vulnerability, identified as CVE-2025-37103, has been rated as critical with a CVSS v3.1 score of 9.8. The second vulnerability, CVE-2025-37102, is a high-severity authenticated command injection flaw in the Command Line Interface (CLI) of the access points.

The discovery of these vulnerabilities is concerning due to the straightforward access they provide for knowledgeable actors. With administrative credentials embedded in the firmware, these credentials can be easily discovered, posing a significant risk.

CVE-2025-37103: A Critical Vulnerability

The vulnerability CVE-2025-37103 allows remote attackers to gain administrative access to the Aruba Instant On Access Points. This vulnerability does not affect Instant On Switches. The Ubisectech Sirius Team security researcher ZZ discovered and reported this vulnerability to HPE.

HPE has recommended immediate firmware upgrades to mitigate the risk of CVE-2025-37103. The recommended action is to upgrade to firmware version 3.2.1.0 or newer. Unfortunately, HPE has not provided any alternative workarounds for this critical vulnerability.

CVE-2025-37102: A High-Severity Vulnerability

The vulnerability CVE-2025-37102 affects Instant On Access Points operating firmware version 3.2.0.1 and earlier. Successful exploitation of this vulnerability could grant a remote attacker administrative access to the system. No workarounds are available for this vulnerability, and the recommended action to mitigate the risk is also to upgrade to firmware version 3.2.1.0 or later.

It's important to note that exploitation of CVE-2025-37102 requires administrative access, which can be gained through CVE-2025-37103. Chaining these vulnerabilities allows threat actors to inject arbitrary commands into the CLI, potentially leading to data exfiltration, security disabling, and establishing persistence.

Potential Consequences

The potential consequences of these vulnerabilities are significant. They could result in configuration changes, security reconfigurations, backdoor installations, traffic surveillance, or lateral movement within a network. Given the critical nature of these vulnerabilities, immediate firmware upgrades are strongly recommended.

Aruba Instant On Access Points are compact, plug-and-play wireless devices designed for small to medium-sized businesses. These devices are essential for maintaining connectivity and ensuring smooth operations. However, the discovery of these vulnerabilities underscores the importance of regular security updates and vigilance in maintaining network security.

As of this writing, HPE Aruba Networking has not received any reports of exploitation for either of these vulnerabilities. Nevertheless, the potential risk is too great to ignore, and prompt action is necessary to protect networks from these threats.