A high-severity vulnerability has been identified in HPE Aruba Networking EdgeConnect SD-WAN Gateways. This flaw allows an attacker who already has access to the device's command-line interface to gain full administrative control, potentially leading to network traffic interception, data theft, and further attacks on the internal network. Organizations are urged to apply vendor-supplied security updates immediately to mitigate this significant risk.

This is a privilege escalation vulnerability existing within the command-line interface (CLI) of the affected devices. An attacker must first possess valid, authenticated credentials to access the device's CLI, likely via a remote protocol such as SSH. Once authenticated, the attacker can execute a specially crafted command or sequence of commands that exploits a flaw in the CLI's processing, allowing them to elevate their privileges to a higher level, such as root or a full administrator.

This vulnerability is rated as High severity with a CVSS score of 8.8. Successful exploitation could have a severe impact on business operations. An attacker with administrative control over an SD-WAN gateway can monitor, modify, and reroute all network traffic passing through it, leading to a loss of data confidentiality and integrity. Furthermore, the attacker could disrupt network connectivity, causing service outages, or use the compromised gateway as a launch point to attack other sensitive systems within the corporate network.

Immediate Action: Identify all vulnerable HPE Aruba Networking EdgeConnect SD-WAN Gateways within the environment and apply the security updates provided by the vendor immediately. Prioritize patching for internet-facing or mission-critical devices.

Proactive Monitoring: System administrators should actively monitor for signs of exploitation. Review device logs for unusual or unauthorized login attempts to the CLI, unexpected system reboots, or unauthorized configuration changes. Monitor command history logs for suspicious commands that deviate from normal administrative activity.

Compensating Controls: If immediate patching is not feasible, implement the following controls to reduce risk:

• Restrict access to the device's management CLI to a limited set of trusted IP addresses using firewalls or access control lists (ACLs).
• Enforce multi-factor authentication (MFA) for all administrative accounts to prevent unauthorized access.
• Ensure all user accounts are configured with the principle of least privilege, limiting their ability to execute commands.

Public Exploit Available: false

Given the high severity (CVSS 8.8) and the critical role of SD-WAN gateways in network infrastructure, this vulnerability poses a significant risk. We strongly recommend that organizations prioritize the immediate application of vendor-supplied patches to all affected systems. Although CVE-2025-37123 is not currently on the CISA KEV list, its potential for complete device compromise warrants urgent attention to prevent potential network disruption and data breaches.