CVE-2025-37103
Published Jul 8, 2025
Last updated 2 months ago
AI description
CVE-2025-37103 is a vulnerability found in HPE Networking Instant On Access Points. It involves hard-coded login credentials that allow anyone with knowledge of them to bypass normal device authentication. Successful exploitation of this vulnerability could allow a remote attacker to gain administrative access to the system. This access could then be used to inject arbitrary commands into the CLI, exfiltrate data, or disable security features.
- Description
- Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system.
- Source
- security-alert@hpe.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-798
- Hype score
- Not currently trending
Aruba Networking Instant On の脆弱性 CVE-2025-37103 が FIX:認証情報のハードコード https://t.co/m3khbKY13j HPE Aruba
@iototsecnews
4 Aug 2025
74 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hardkódolt hitelesítő adatok révén szerezhető admin jog a HPE Instant On eszközökön A Hewlett-Packard Enterprise (HPE) biztonsági frissítéseket adott ki, amiben többek között a CVE-2025-37103 azonosítón nyomon követett kritikus sérülékenység is javításra
@linuxmint_hun
30 Jul 2025
63 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️Vulnerabilidades en HPE Networking Instant On Access Points ❗CVE-2025-37103 ❗CVE-2025-37102 ➡️Más info: https://t.co/dcshr9wBHh https://t.co/mJFF2SvBjm
@CERTpy
29 Jul 2025
126 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical flaws in HPE Aruba Instant On Access Points: • CVE-2025-37103 – hardcoded creds = admin access • CVE-2025-37102 – authenticated CLI command injection = root 🔧 Affected: firmware ≤ 3.2.0.1 ✅ Fix: upgrade to 3.2.1.0+ #infosec #vulnerability #CVE
@cyber_sec_raj
26 Jul 2025
59 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
📢 GÜNCELLEME DUYURUSU – HPE Aruba Access Point Kritik Güvenlik Açıkları (CVE-2025-37103, CVE-2025-37102) HPE’nin Aruba Instant On serisi erişim noktalarında tespit edilen kritik güvenlik açıkları, saldırganların sistemlere tam yönetici (admin) yetkisiyle eri
@GMDestekMerkezi
25 Jul 2025
39 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. Tracked as CVE-2025-37103 and rated “critical” score: 9.8. https://t.co/OvO35v01ur
@riskigy
23 Jul 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices HPE disclosed a critical flaw (CVE-2025-37103, CVSS 9.8) in Aruba Instant On Wi-Fi devices, affecting firmware versions 3.2.0.1 and earlier. Hardcoded credentials allow attackers to bypass authentication and http
@dCypherIO
22 Jul 2025
34 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Aruba CVE-2025-37103: Hardcoded Credential Flaw https://t.co/YlMLQ6Us9h
@davidbombal
22 Jul 2025
4409 Impressions
13 Retweets
121 Likes
29 Bookmarks
4 Replies
0 Quotes
🚨 ALERTA DE SEGURANÇA – Falha crítica em Access Points HPE Instant On! A Hewlett-Packard Enterprise (HPE) divulgou uma atualização de segurança urgente para corrigir uma falha crítica (CVE-2025-37103, CVSS 9.8) que permite a bypass de autenticação e acesso administr
@brainworkblog
21 Jul 2025
64 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Faille critique chez HPE Aruba ! Deux nouvelles vulnérabilités (dont la CVE-2025-37103) viennent d’être corrigées par HPE. En cause ? Des identifiants codés en dur dans le firmware de certains points d’accès Aruba Instant On, permettant à un attaquant https://t.
@ITConnect_fr
21 Jul 2025
696 Impressions
5 Retweets
10 Likes
1 Bookmark
0 Replies
0 Quotes
Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access Hewlett-Packard Enterprise (HPE) has patched a critical vulnerability, CVE-2025-37103 (CVSS 9.8), in its Networking Instant On Access Points that allowed remote attackers to bypass authentication using htt
@dCypherIO
21 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CRITICAL: Hard-coded credentials discovered in HPE Instant On Access Points (CVE-2025-37103, CVSS 9.8). Attackers can bypass authentication for full admin access. ThreatCluster monitoring for related coverage and exploitation attempts. https://t.co/NKCxJCsIjr #HPE https:
@threatcluster
21 Jul 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
📌 اكتشفت ثغرة أمنية خطيرة في أجهزة HPE Instant On تسمح للمهاجمين بالوصول الإداري من خلال بيانات اعتماد ثابتة. أصدرت شركة Hewlett-Packard Enterprise تحديثات أمان لمعالجة ال
@Cybercachear
21 Jul 2025
1 Impression
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 HPE Wi-Fi gear shipped with hardcoded admin logins. CVE-2025-37103 scores 9.8/10—no password needed to hijack your network. It can be chained with a second bug for full system takeover. Full details → https://t.co/oBxYI60xZA... https://t.co/JXLAviv21t
@IT_news_for_all
21 Jul 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 HPE Wi-Fi gear shipped with hardcoded admin logins. CVE-2025-37103 scores 9.8/10—no password needed to hijack your network. It can be chained with a second bug for full system takeover. Full details → https://t.co/Dho2URBkAN
@TheHackersNews
21 Jul 2025
12867 Impressions
26 Retweets
64 Likes
10 Bookmarks
1 Reply
4 Quotes
HPE warns of critical CVE-2025-37103 vulnerability in Aruba Instant On Access Points, enabling unauthorized access due to hardcoded credentials. Users must upgrade firmware to 3.2.1.0 or later. Immediate action needed. #Security https://t.co/SD9EAQpudw
@Strivehawk
20 Jul 2025
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: Critical (9.8) CVE-2025-37103 - Hard-coded credentials in @HPE @HPE_Aruba_NETW Networking Instant On Access Points allow remote attackers to bypass authentication and gain full admin access. Urgently update your systems now! More info: https://t.co/u9x2Z5cnVY #Patch
@CCBalert
10 Jul 2025
259 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
CVE-2025-37103とCVE-2025-37102を組み合わせるとマズそうですね...(Webとコマンドラインでアカウント別でも管理者権限あればコマンドラインのユーザ追加もできそうですし) HPESBNW04894 rev.1 - HPE Networking Instant On, Mult
@autumn_good_35
10 Jul 2025
121 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-37103 Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Suc… https://t.co/IC0UtdDYZ5
@CVEnew
9 Jul 2025
195 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
HPE Networking(旧Aruba)のInstant Onアクセスポイントに複数の脆弱性。CVE-2025-37103はCVSSスコア9.8のハードコードされたログイン認証情報。他脆弱性複数と併せ修正版提供あり。 https://t.co/X192Rm01oI
@__kokumoto
9 Jul 2025
1014 Impressions
2 Retweets
0 Likes
4 Bookmarks
0 Replies
1 Quote