CVE-2025-37172
📋 TL;DR
Command injection vulnerabilities in Aruba mobility conductors running AOS-8 allow an authenticated attacker to execute arbitrary commands with privileged user permissions. This affects organizations that use Aruba mobility conductors for wireless network management. Valid credentials are required to exploit these vulnerabilities.
💻 Affected Systems
- Aruba Mobility Conductor
📦 What is this software?
ArubaOS by Aruba Networks
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to install persistent backdoors, steal sensitive network configurations, pivot to other systems, or disrupt wireless network operations.
Likely Case
Attackers with legitimate or stolen credentials gain full administrative control over the mobility conductor, enabling data theft, network reconnaissance, and lateral movement.
If Mitigated
Limited impact due to strong access controls, network segmentation, and monitoring that detects unusual administrative activity.
🎯 Exploit Status
Exploitation requires authenticated access, but command injection vulnerabilities are typically straightforward to exploit once authentication is bypassed or valid credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: AOS-8.12.0.0 and later
Vendor Advisory: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us&docLocale=en_US
Restart Required: Yes
Instructions:
1. Download AOS-8.12.0.0 or later from the Aruba support portal.
2. Back up the current configuration.
3. Upload and install the new firmware via the web interface or CLI.
4. Reboot the mobility conductor.
5. Verify that the update was successful.
🔧 Temporary Workarounds
Restrict Web Management Access
Limit access to the web management interface to trusted IP addresses only. Replace [TRUSTED_IP] with each management host that needs access, and confirm the command syntax against the CLI reference for your AOS-8 release before applying it.
configure terminal
ip access-list standard WEB-MGMT-ACL
permit host [TRUSTED_IP]
deny any
exit
interface management
ip access-group WEB-MGMT-ACL in
exit
write memory
Disable Web Management Interface
Temporarily disable the web interface and use CLI-only management
configure terminal
no web-management
write memory
🧯 If You Can't Patch
- Implement strict network segmentation to isolate mobility conductors from other critical systems
- Enforce multi-factor authentication and strong password policies for all administrative accounts
🔍 How to Verify
Check if Vulnerable:
Run 'show version' from the CLI; the system is vulnerable if the reported AOS version is below 8.12.0.0.
Check Version:
show version
Verify Fix Applied:
After patching, run 'show version' again to confirm the version is 8.12.0.0 or higher.
📡 Detection & Monitoring
Log Indicators:
- Unusual command execution patterns in system logs
- Multiple failed authentication attempts followed by successful login
- Commands with shell metacharacters in web interface logs
Network Indicators:
- Unusual outbound connections from mobility conductor
- Traffic to unexpected destinations or ports
SIEM Query:
source="aruba-mobility-conductor" AND (event_type="command_execution" OR message="*;*" OR message="*|*" OR message="*`*" OR message="*$(*")
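The version check above and the SIEM query's metacharacter indicators, as an added Python example (not part of the advisory or of any Aruba tooling). It compares a 'show version' string numerically against 8.12.0.0, so that '8.9' is not mistaken for a release newer than '8.12', and scans constructed web-interface log lines for the same metacharacters the query looks for; the log format and the 'cmd=' field are assumptions for illustration.

```python
import re

# Fixed release named in the advisory.
FIXED_VERSION = (8, 12, 0, 0)

# The shell metacharacters the advisory's SIEM query matches: ; | ` $(
METACHAR_RE = re.compile(r"[;|`]|\$\(")
VERSION_RE = re.compile(r"(\d+(?:\.\d+){1,3})")


def parse_version(text):
    """Extract the first dotted version from 'show version' output as a tuple
    of ints, padded to four components so '8.12' equals '8.12.0.0'."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no version string found in output")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_vulnerable_version(text):
    """True when the reported AOS version is below the fixed release.
    Tuple comparison avoids the lexical trap where '8.9' sorts after '8.12'."""
    return parse_version(text) < FIXED_VERSION


def find_metachar_commands(lines):
    """Return (line_number, line) for log lines whose command field carries
    shell metacharacters. Only the text after 'cmd=' (an assumed field name)
    is inspected, so pipes or semicolons in the log framing do not fire."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = re.search(r"cmd=(.*)$", line)
        if m and METACHAR_RE.search(m.group(1)):
            hits.append((n, line))
    return hits


# Constructed sample input; the format is illustrative, not real AOS output.
SAMPLE_SHOW_VERSION = "Aruba Operating System Software.\nArubaOS Version 8.10.0.9"
SAMPLE_LOGS = [
    "2025-05-01T10:01:02 webui user=admin src=10.0.0.5 cmd=show ap database",
    "2025-05-01T10:02:15 webui user=admin src=10.0.0.5 cmd=show version; id",
    "2025-05-01T10:03:40 webui user=ops src=10.0.0.7 cmd=ping 10.0.0.1 $(hostname)",
    "2025-05-01T10:04:01 webui user=ops src=10.0.0.7 cmd=show running-config",
]

if __name__ == "__main__":
    print("vulnerable version:", is_vulnerable_version(SAMPLE_SHOW_VERSION))
    for n, line in find_metachar_commands(SAMPLE_LOGS):
        print(f"suspicious command on line {n}: {line}")
```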