Hewlett Packard Enterprise (HPE) — Vulnerabilities & Security Advisories 450

Browse all 450 CVE security advisories affecting Hewlett Packard Enterprise (HPE). AI-powered Chinese analysis, POCs, and references for each vulnerability.

Hewlett Packard Enterprise (HPE) operates as a critical infrastructure provider, designing and selling servers, storage, networking hardware, and associated software solutions for enterprise data centers. With 418 recorded CVEs, the company’s attack surface primarily involves its managed services and hardware management interfaces. Historically, common vulnerability classes include remote code execution (RCE) and cross-site scripting (XSS), often stemming from web-based management consoles like HPE OneView or iLO. Privilege escalation flaws also appear frequently, allowing unauthorized users to gain administrative control over managed devices. Notable incidents have included credential exposure and insecure default configurations in firmware updates, which attackers exploited to pivot into internal networks. These weaknesses highlight the risks inherent in complex, interconnected enterprise ecosystems where management planes are often targeted. The high volume of vulnerabilities underscores the necessity for rigorous patch management and strict access controls across HPE’s extensive product portfolio to mitigate potential systemic breaches.

Top products by Hewlett Packard Enterprise (HPE):

- Aruba Mobility Conductor (formerly Mobility Master); Aruba Mobility Controllers; WLAN Gateways and SD-WAN Gateways managed by Aruba Central
- ArubaOS (AOS)
- Aruba ClearPass Policy Manager
- HPE Aruba Networking Wireless Operating System (AOS)
- EdgeConnect SD-WAN Orchestrator
- Aruba EdgeConnect Enterprise Software
- AOS-8 Instant and AOS-10 AP
- Aruba Access Points running InstantOS and ArubaOS 10
- Aruba Access Points: 100 Series; 103 Series; 110 Series; 120 Series; 130 Series; 200 Series; 207 Series; 210 Series; 220 Series; 260 Series; 300 Series; 303 Series; 310 Series; 318 Series Hardened Access Points; 320 Series; 330 Series; 340 Series; 370 Series; 500 Series; 510 Series; 530 Series; 550 Series; 630 Series; 650 Series
- Aruba EdgeConnect Enterprise Orchestration Software
- HPE OneView
- HPE Aruba Networking ClearPass Policy Manager
- AOS-CX
- HPE Aruba Networking EdgeConnect SD-WAN Gateway
- HPE Athonet Core
- HPE StoreOnce Software
- HPE 3PAR Service Processor
- ArubaOS Wi-Fi Controllers and Campus/Remote Access Points
- Aruba OS
- HPE Aruba Networking Access Points, Instant AOS-8, and AOS-10
- HPE Aruba Networking AOS
- HPE 3PAR StoreServ Management and Core Software Media
- HPE Aruba Networking EdgeConnect SD-WAN
- HPE Aruba Networking Fabric Composer (AFC)
- HPE Aruba Networking Private 5G Core
- HPE Aruba Networking InstantOS and Aruba Access Points running ArubaOS 10
- HPE Aruba Networking AOS-CX
- HPE Insight Remote Support
- HPE Aruba Networking Wireless Operating System (AOS-10 & AOS-8)
- ClearPass Policy Manager (CPPM)

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-37137 | Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI) — ArubaOS (AOS) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37136 | Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI) — ArubaOS (AOS) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37135 | Authenticated Arbitrary File Deletion Vulnerabilities in AOS-8 Controller/Mobility Conductor Command Line Interface (CLI) — ArubaOS (AOS) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37134 | Authenticated Command Injection Vulnerability in the Low-Level Interface Library Affecting AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface — ArubaOS (AOS) | 7.2 | High | 2025-10-14 |
| CVE-2025-37133 | Authenticated Command Injection Vulnerability in AOS-8 Controller/Mobility Conductor Web-Based Management Interface via the CLI Binary — ArubaOS (AOS) | 7.2 | High | 2025-10-14 |
| CVE-2025-37132 | Authenticated Remote Code Execution Vulnerability in AOS-10 GW and AOS-8 Controller/Mobility Conductor Web-Based Management Interface via Arbitrary File Write — ArubaOS (AOS) | 7.2 | High | 2025-10-14 |
| CVE-2025-37148 | Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability — ArubaOS (AOS) | 6.5 | Medium | 2025-10-14 |
| CVE-2025-37147 | Secure Boot Bypass allows for Compromise of Hardware Root of Trust — ArubaOS (AOS) | 7.1 | High | 2025-10-14 |
| CVE-2025-37146 | Unauthorized Filesystem Operations in System Firmware allow Authenticated Remote Code Execution — ArubaOS (AOS) | 7.2 | High | 2025-10-14 |
| CVE-2025-37149 | HPE ProLiant RL300 Gen11 Server security vulnerability — ProLiant RL300 Gen11 Server | 6.0 | Medium | 2025-10-14 |
| CVE-2025-37122 | Unauthenticated Reflected Cross-Site Scripting — HPE Aruba Networking ClearPass Policy Manager | 6.1 | Medium | 2025-09-17 |
| CVE-2025-37125 | Broken access control vulnerability in Firewall Configuration Leads to Unauthorized Access to Internal Network Resources — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 7.5 | High | 2025-09-16 |
| CVE-2025-37123 | Authenticated Command Injection leads to Unauthorized Actions in CLI Interface — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 8.8 | High | 2025-09-16 |
| CVE-2025-37124 | Unauthenticated Access Vulnerability allows Transit Traffic Misrouting in SD-WAN Edge Interface — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 8.6 | High | 2025-09-16 |
| CVE-2025-37128 | Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 6.8 | Medium | 2025-09-16 |
| CVE-2025-37129 | Authenticated Remote Code Execution allows Exploit in Scripts Feature — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 6.7 | Medium | 2025-09-16 |
| CVE-2025-37127 | Authenticated Replay Attack contains Cryptographic Vulnerability — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 7.2 | High | 2025-09-16 |
| CVE-2025-37130 | Unrestricted Binary allows File Enumeration in Underlying Operating System — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 6.5 | Medium | 2025-09-16 |
| CVE-2025-37126 | Authenticated Remote Code Execution in HPE Aruba Networking EdgeConnect SD-WAN Gateways Command Line Interface — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 7.2 | High | 2025-09-16 |
| CVE-2025-37131 | Authenticated Arbitrary File Read allows Data Exposure in CLI Interface — HPE Aruba Networking EdgeConnect SD-WAN Gateway | 4.9 | Medium | 2025-09-16 |
| CVE-2025-37109 | HPE Telco Service Activator, Protection Mechanism Failure — HPE Telco Service Activator | 3.5 | Low | 2025-07-31 |
| CVE-2025-37108 | HPE Telco Service Activator, Protection Mechanism Failure — HPE Telco Service Activator | 3.5 | Low | 2025-07-31 |
| CVE-2025-37104 | HPE Telco Service Orchestrator Software, Authenticated SQL Injection — HPE Telco Service Orchestrator | 7.1 | High | 2025-07-16 |
| CVE-2025-37103 | Hardcoded Credential Exposure Allows Unauthorized Access in Web Interface — HPE Networking Instant On | 9.8 | Critical | 2025-07-08 |
| CVE-2025-37102 | Authenticated Command Injection Vulnerability In Instant On Command Line Interface — HPE Networking Instant On | 7.2 | High | 2025-07-08 |
| CVE-2025-37100 | Exposure of Sensitive Information to an Unauthorized User in HPE Aruba Networking Private 5G Core — HPE Aruba Networking Private 5G Core | 7.7 | High | 2025-06-10 |
| CVE-2025-37096 | Hewlett Packard Enterprise StoreOnce security vulnerability — HPE StoreOnce Software | 8.8 (AI) | High (AI) | 2025-06-02 |
| CVE-2025-37095 | Hewlett Packard Enterprise StoreOnce security vulnerability — HPE StoreOnce Software | 6.5 (AI) | Medium (AI) | 2025-06-02 |
| CVE-2025-37094 | Hewlett Packard Enterprise StoreOnce security vulnerability — HPE StoreOnce Software | 5.5 | Medium | 2025-06-02 |
| CVE-2025-37093 | Hewlett Packard Enterprise StoreOnce security vulnerability — HPE StoreOnce Software | 9.8 | Critical | 2025-06-02 |

This page lists every published CVE security advisory associated with Hewlett Packard Enterprise (HPE). Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.