Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI toolsNEW
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

A critical flaw found in popular HPE Aruba Wi-Fi devices

The flaw, CVE-2025-37103, has a severity score of 9.8 out of 10 and could allow a remote attacker to gain full administrative access

byKerem Gülen
July 21, 2025
in Cybersecurity, News
Home News Cybersecurity
Share on FacebookShare on TwitterShare on LinkedInShare on WhatsAppShare on e-mail
Google Preferred Source

HPE has issued a warning regarding hardcoded credentials within Aruba Instant On Access Points, which could enable remote attackers to gain administrative access. The vulnerability, identified as CVE-2025-37103, affects Instant On Access Points operating firmware version 3.2.0.1 and earlier, prompting a recommendation for immediate firmware upgrades.

Aruba Instant On Access Points function as compact, plug-and-play wireless devices, designed for small to medium-sized businesses, offering enterprise-grade features and cloud/mobile app management. CVE-2025-37103, rated as critical with a CVSS v3.1 score of 9.8, stems from hardcoded login credentials within the firmware. This allows anyone with knowledge of these credentials to bypass standard device authentication and access the web interface.

HPE’s bulletin specified that successful exploitation could grant a remote attacker administrative access to the system. With administrative credentials embedded in the firmware, their discovery is straightforward for knowledgeable actors, potentially leading to configuration changes, security reconfigurations, backdoor installations, traffic surveillance, or lateral movement within a network.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.


Inside the LLM system that reads emails like a cybersecurity analyst


The Ubisectech Sirius Team security researcher, identified by the alias ZZ, discovered and reported this vulnerability directly to HPE. To mitigate the risk posed by CVE-2025-37103, users of affected devices are advised to upgrade to firmware version 3.2.1.0 or newer. HPE has not provided any alternative workarounds, making patching the sole recommended action. The bulletin clarifies that CVE-2025-37103 does not impact Instant On Switches.

HPE’s bulletin also details a second vulnerability, CVE-2025-37102, a high-severity authenticated command injection flaw found in the Command Line Interface (CLI) of Aruba Instant On access points. This flaw can be exploited in conjunction with CVE-2025-37103, as administrative access is a prerequisite for its exploitation. Chaining these vulnerabilities allows threat actors to inject arbitrary commands into the CLI, potentially leading to data exfiltration, security disabling, and establishing persistence. Similar to CVE-2025-37103, this issue is resolved by upgrading to firmware version 3.2.1.0 or later, with no available workarounds. HPE Aruba Networking has not received any reports of exploitation for either of these vulnerabilities to date.


Featured image credit

Tags: CybersecurityenterpriseFeaturedHPE

Related Posts

Android Halo will place AI agent updates in status bar

Android Halo will place AI agent updates in status bar

July 2, 2026
WhatsApp usernames spark impersonation and fraud concerns

WhatsApp usernames spark impersonation and fraud concerns

July 2, 2026
Apple reportedly plans entry-level MacBook Pro redesign for 2027

Apple reportedly plans entry-level MacBook Pro redesign for 2027

July 2, 2026
X launches Live Studio with new creator payouts

X launches Live Studio with new creator payouts

July 2, 2026
Sony will end physical PlayStation game discs in 2028

Sony will end physical PlayStation game discs in 2028

July 2, 2026
Microsoft explores disc-to-digital support for Xbox games

Microsoft explores disc-to-digital support for Xbox games

July 2, 2026

LATEST NEWS

Android Halo will place AI agent updates in status bar

WhatsApp usernames spark impersonation and fraud concerns

Apple reportedly plans entry-level MacBook Pro redesign for 2027

X launches Live Studio with new creator payouts

Sony will end physical PlayStation game discs in 2028

Microsoft explores disc-to-digital support for Xbox games

BEST AI MODELS LEADERBOARD

See the best AI models, ranked by intelligence, benchmark results, speed and token price. Find the most suitable LLMs, Text-to-Image, Image Editing, Text-to-Speech, Text-to-Video and Image-to-Video  artificial intelligence model for your tasks and business.

LATEST TOOLS

Copyleaks – Plagiarism detector

Clipping Magic

KoalaChat

SpeechText

Booknotes

Unscrambler

LingoLooper

Politepost

Evolup

Wondercraft

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Whitepapers
    • AI Models Leaderboard
  • AI tools
  • Newsletter
  • + More
    • Glossary
    • Conversations
    • Events
    • About
      • Who we are
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies to improve your experience. You can choose to accept or reject them. Visit our Privacy Policy.