Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

A critical flaw found in popular HPE Aruba Wi-Fi devices

The flaw, CVE-2025-37103, has a severity score of 9.8 out of 10 and could allow a remote attacker to gain full administrative access

byKerem Gülen
July 21, 2025
in Cybersecurity, News
Home News Cybersecurity

HPE has issued a warning regarding hardcoded credentials within Aruba Instant On Access Points, which could enable remote attackers to gain administrative access. The vulnerability, identified as CVE-2025-37103, affects Instant On Access Points operating firmware version 3.2.0.1 and earlier, prompting a recommendation for immediate firmware upgrades.

Aruba Instant On Access Points function as compact, plug-and-play wireless devices, designed for small to medium-sized businesses, offering enterprise-grade features and cloud/mobile app management. CVE-2025-37103, rated as critical with a CVSS v3.1 score of 9.8, stems from hardcoded login credentials within the firmware. This allows anyone with knowledge of these credentials to bypass standard device authentication and access the web interface.

HPE’s bulletin specified that successful exploitation could grant a remote attacker administrative access to the system. With administrative credentials embedded in the firmware, their discovery is straightforward for knowledgeable actors, potentially leading to configuration changes, security reconfigurations, backdoor installations, traffic surveillance, or lateral movement within a network.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Inside the LLM system that reads emails like a cybersecurity analyst


The Ubisectech Sirius Team security researcher, identified by the alias ZZ, discovered and reported this vulnerability directly to HPE. To mitigate the risk posed by CVE-2025-37103, users of affected devices are advised to upgrade to firmware version 3.2.1.0 or newer. HPE has not provided any alternative workarounds, making patching the sole recommended action. The bulletin clarifies that CVE-2025-37103 does not impact Instant On Switches.

HPE’s bulletin also details a second vulnerability, CVE-2025-37102, a high-severity authenticated command injection flaw found in the Command Line Interface (CLI) of Aruba Instant On access points. This flaw can be exploited in conjunction with CVE-2025-37103, as administrative access is a prerequisite for its exploitation. Chaining these vulnerabilities allows threat actors to inject arbitrary commands into the CLI, potentially leading to data exfiltration, security disabling, and establishing persistence. Similar to CVE-2025-37103, this issue is resolved by upgrading to firmware version 3.2.1.0 or later, with no available workarounds. HPE Aruba Networking has not received any reports of exploitation for either of these vulnerabilities to date.


Featured image credit

Tags: CybersecurityenterpriseFeaturedHPE

Related Posts

Wikipedia releases guide to spot AI-written articles

Wikipedia releases guide to spot AI-written articles

September 4, 2025
WhatsApp status to add close friends like Instagram

WhatsApp status to add close friends like Instagram

September 4, 2025
Samsung Galaxy Tab S11, Ultra feature Dimensity 9400+

Samsung Galaxy Tab S11, Ultra feature Dimensity 9400+

September 4, 2025
Galaxy S25 FE gets One UI 8 before other S25 models

Galaxy S25 FE gets One UI 8 before other S25 models

September 4, 2025
Gemini in Gmail summarizes emails and threads

Gemini in Gmail summarizes emails and threads

September 4, 2025
Tesla Optimus robot integrates xAI Grok assistant

Tesla Optimus robot integrates xAI Grok assistant

September 4, 2025

LATEST NEWS

Wikipedia releases guide to spot AI-written articles

WhatsApp status to add close friends like Instagram

Samsung Galaxy Tab S11, Ultra feature Dimensity 9400+

Galaxy S25 FE gets One UI 8 before other S25 models

Gemini in Gmail summarizes emails and threads

Tesla Optimus robot integrates xAI Grok assistant

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.