A high-severity vulnerability has been identified in HPE AutoPass License Server (APLS) which could allow a remote attacker to execute arbitrary code. Successful exploitation could lead to a complete compromise of the affected server, enabling an attacker to steal data, disrupt licensing services, and potentially gain further access into the corporate network. Due to the critical nature of this flaw, immediate remediation is strongly recommended.

This is a remote code execution (RCE) vulnerability stemming from the HSQLDB component used within the HPE AutoPass License Server. An unauthenticated remote attacker can exploit this flaw by sending a specially crafted request to the APLS instance. The vulnerability is likely triggered when the HSQLDB engine improperly processes the malicious request, allowing the attacker to execute arbitrary Java code on the server with the permissions of the APLS service account.

This vulnerability is rated as High severity with a CVSS score of 7.5. A successful exploit would grant an attacker complete control over the AutoPass License Server. This could lead to significant business consequences, including the theft of sensitive license and customer data, disruption of critical business applications that rely on the license server, and reputational damage. Furthermore, a compromised server could be used as a pivot point for an attacker to move laterally across the network, escalating the security incident into a much larger breach.

Immediate Action: HPE has released security patches to address this vulnerability. All organizations must apply the patches for HPE AutoPass License Server to upgrade to version 9.0 or later. Priority should be given to patching systems that are accessible from the internet. After patching, review system and application logs for any signs of compromise that may have occurred prior to remediation.

Proactive Monitoring: Security teams should actively monitor for signs of exploitation. Review APLS and web server access logs for unusual or malformed requests, particularly those containing suspicious SQL syntax or Java class names. Monitor network traffic for unexpected outbound connections from the APLS server, which could indicate command-and-control (C2) communication. Enable endpoint monitoring on the server to detect the creation of suspicious files or processes spawned by the APLS service.

Compensating Controls: If patching cannot be performed immediately, implement the following controls to reduce risk:

• Restrict network access to the APLS server at the firewall level, allowing connections only from trusted application servers that require license validation.
• Deploy a Web Application Firewall (WAF) with rules to inspect traffic and block common Java deserialization and SQL injection attack patterns.
• Ensure the APLS service account is configured with the principle of least privilege to limit the potential impact of a successful exploit.

Public Exploit Available: False (as of July 17, 2025)

Given the high severity (CVSS 7.5) and the risk of remote code execution, this vulnerability represents a critical threat to the organization. While CVE-2025-37105 is not currently on the CISA KEV list, its impact warrants immediate attention. We strongly recommend that all vulnerable instances of HPE AutoPass License Server be patched immediately, prioritizing internet-facing systems. If patching is delayed, the compensating controls outlined above must be implemented without delay to mitigate the risk of compromise.