A high-severity vulnerability has been discovered in HPE Aruba Networking SD-WAN Gateways, identified as CVE-2025-37124. This flaw allows a remote attacker, without any authentication, to bypass firewall protections and potentially gain unauthorized access to the internal network. This poses a significant and direct threat to network security, data confidentiality, and the integrity of protected resources.

This vulnerability exists due to improper processing of network traffic by the firewall component of the affected SD-WAN gateways. An unauthenticated, remote attacker can exploit this by sending specially crafted network packets to the gateway. The device fails to correctly apply the configured security policies to these packets, resulting in a bypass of the firewall rules and allowing the malicious traffic to access the protected internal network as if it were legitimate.

This vulnerability is rated as High severity with a CVSS score of 8.6, reflecting the critical risk it poses to the organization. Successful exploitation would dismantle the primary network perimeter defense, allowing an external attacker to access sensitive internal systems, applications, and data stores. The potential consequences include major data breaches, theft of intellectual property, deployment of ransomware, and significant disruption to business operations, leading to severe financial and reputational damage.

Immediate Action: The primary remediation is to apply the security updates provided by HPE Aruba Networking to all affected SD-WAN Gateway devices immediately. Priority should be given to patching internet-facing gateways. After patching, verify the update was successful and the device is running a non-vulnerable software version.

Proactive Monitoring: Security teams should actively monitor firewall and gateway logs for anomalous traffic patterns, specifically for any unexpected connections allowed from untrusted external sources to internal assets. Review access logs on critical internal systems for any unauthorized access attempts. Implement and update Intrusion Detection/Prevention System (IDS/IPS) signatures to detect and block known exploitation attempts as they become available.

Compensating Controls: If immediate patching is not possible, consider implementing stricter ingress filtering rules on upstream network devices to block suspicious traffic before it reaches the vulnerable gateway. Enhance network segmentation to limit an attacker's ability to move laterally within the network if the perimeter is breached. Increase monitoring on critical internal assets for any signs of compromise.

Public Exploit Available: False

This vulnerability represents a critical risk to the security of the entire network. Given the high CVSS score of 8.6 and the ability for an unauthenticated attacker to remotely bypass the firewall, immediate and decisive action is required. Although CVE-2025-37124 is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its severity makes it a prime candidate for future inclusion. We strongly recommend organizations treat this as a critical priority and apply the vendor-supplied patches on an emergency basis to prevent a potential network compromise.