CVE-2025-37159

🗓️ 18 Nov 2025 18:52:46Reported by hpeType

CVE-2025-37159: Authenticated session hijacking in AOS-CX web management enables unauthorized access to active sessions and configurations.

Reporter	Title	Published	Views	Family All 7
CNNVD	HPE Aruba Networking AOS-CX 安全漏洞	18 Nov 202500:00	–	cnnvd
Cvelist	CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software	18 Nov 202518:52	–	cvelist
EUVD	EUVD-2025-198066	18 Nov 202521:32	–	euvd
NVD	CVE-2025-37159	18 Nov 202519:15	–	nvd
Positive Technologies	PT-2025-47389	18 Nov 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-37159	19 Nov 202519:19	–	redhatcve
Vulnrichment	CVE-2025-37159 Authenticated Session Hijacking Allows Unauthorized Access in Network Switching Software	18 Nov 202518:52	–	vulnrichment

NVD

Node

hpe arubaos-cxRange10.10.0000–10.10.1170

hpe arubaos-cxRange10.13.0000–10.13.1101

hpe arubaos-cxRange10.14.0000–10.14.1060

hpe arubaos-cxRange10.15.0000–10.15.1030

hpe arubaos-cxRange10.16.0000–10.16.1001

[
  {
    "defaultStatus": "affected",
    "product": "HPE Aruba Networking AOS-CX",
    "vendor": "Hewlett Packard Enterprise (HPE)",
    "versions": [
      {
        "lessThanOrEqual": "10.16.1000",
        "status": "affected",
        "version": "10.16.0000",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.15.1020",
        "status": "affected",
        "version": "10.15.0000",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.14.1050",
        "status": "affected",
        "version": "10.14.0000",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.13.1090",
        "status": "affected",
        "version": "10.13.0000",
        "versionType": "semver"
      },
      {
        "lessThanOrEqual": "10.10.1160",
        "status": "affected",
        "version": "10.10.0000",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
support	www.support.hpe.com/hpesc/public/docDisplay

04 Dec 2025 18:19Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.15.8 - 7.3

EPSS0.00027

SSVC

CWE-384