Warning: Critical vulnerability (CVE-2025-37103) affects HPE Networking Instant On Access Points, allowing remote attackers to gain full administrative access, Patch Immediately!

Published : 10/07/2025

Last update: 10/07/2025

Affected software:
→ HPE (Aruba) Networking Instant On Access Points versions ≤ 3.2.0.1

Type: Use of Hard-coded Credentials

CVE/CVSS
→ CVE-2025-37103: CVSS 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

Sources

HPE - https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

Risks

Successful exploitation of this vulnerability in HPE (Aruba) Networking Instant On Access Points versions ≤ 3.2.0.1 allow remote attackers to bypass authentication and gain full admin access.

This vulnerability has a significant impact on confidentiality, integrity, and availability.

There is currently no evidence of this vulnerability being actively exploited.

Description

In affected versions, HPE Networking Instant On Access Points contain a vulnerability that allows remote attackers to:

Gain administrative access to the device without authentication
Reconfigure or disable wireless network settings
Intercept, monitor, or reroute user traffic for data theft or surveillance
Deploy malicious firmware or backdoors for persistent access
Leverage the compromised device as a foothold into internal networks

Recommended Actions

Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority after thorough testing.

Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity and ensure a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via https://ccb.belgium.be/en/cert/report-incident.

While patching appliances or software to the newest version may protect against future exploitation, it does not remediate historic compromise.

References

NVD - https://nvd.nist.gov/vuln/detail/CVE-2025-37103