CVE-2025-37179 (GCVE-0-2025-37179)

Vulnerability from cvelistv5 – Published: 2026-01-13 20:08 – Updated: 2026-01-13 20:32
VLAI?
Title
Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System
Summary
Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE
Assigner
hpe
References
Impacted products
Vendor Product Version
Hewlett Packard Enterprise (HPE) ArubaOS (AOS) Affected: 8.12.0.0 , ≤ 8.13.1.0 (semver)
Affected: 8.10.0.0 , ≤ 8.10.0.20 (semver)
Create a notification for this product.
Credits
m0omo0d
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-37179",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T20:32:05.666182Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-125",
                "description": "CWE-125 Out-of-bounds Read",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T20:32:08.785Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "ArubaOS (AOS)",
          "vendor": "Hewlett Packard Enterprise (HPE)",
          "versions": [
            {
              "lessThanOrEqual": "8.13.1.0",
              "status": "affected",
              "version": "8.12.0.0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "8.10.0.20",
              "status": "affected",
              "version": "8.10.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "m0omo0d"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eMultiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.\u003c/p\u003e"
            }
          ],
          "value": "Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T20:09:04.553Z",
        "orgId": "eb103674-0d28-4225-80f8-39fb86215de0",
        "shortName": "hpe"
      },
      "references": [
        {
          "url": "https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us\u0026docLocale=en_US"
        }
      ],
      "source": {
        "advisory": "HPESBNW04987",
        "discovery": "INTERNAL"
      },
      "title": "Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "eb103674-0d28-4225-80f8-39fb86215de0",
    "assignerShortName": "hpe",
    "cveId": "CVE-2025-37179",
    "datePublished": "2026-01-13T20:08:58.718Z",
    "dateReserved": "2025-04-16T01:28:25.379Z",
    "dateUpdated": "2026-01-13T20:32:08.785Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-37179\",\"sourceIdentifier\":\"security-alert@hpe.com\",\"published\":\"2026-01-13T20:16:06.113\",\"lastModified\":\"2026-01-14T16:25:40.430\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-alert@hpe.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"references\":[{\"url\":\"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us\u0026docLocale=en_US\",\"source\":\"security-alert@hpe.com\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-37179\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-01-13T20:32:05.666182Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125 Out-of-bounds Read\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-01-13T20:32:01.045Z\"}}], \"cna\": {\"title\": \"Out-of-Bounds Read Vulnerabilities Leading to Process Crash in AOS-8 Operating System\", \"source\": {\"advisory\": \"HPESBNW04987\", \"discovery\": \"INTERNAL\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"m0omo0d\"}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Hewlett Packard Enterprise (HPE)\", \"product\": \"ArubaOS (AOS)\", \"versions\": [{\"status\": \"affected\", \"version\": \"8.12.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.13.1.0\"}, {\"status\": \"affected\", \"version\": \"8.10.0.0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"8.10.0.20\"}], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04987en_us\u0026docLocale=en_US\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"Multiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cp\u003eMultiple out-of-bounds read vulnerabilities were identified in a system component responsible for handling certain data buffers. Due to insufficient validation of maximum buffer size values, the process may attempt to read beyond the intended memory region. Under specific conditions, this can result in a crash of the affected process and a potential denial-of-service of the compromised process.\u003c/p\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"shortName\": \"hpe\", \"dateUpdated\": \"2026-01-13T20:09:04.553Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-37179\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-01-13T20:32:08.785Z\", \"dateReserved\": \"2025-04-16T01:28:25.379Z\", \"assignerOrgId\": \"eb103674-0d28-4225-80f8-39fb86215de0\", \"datePublished\": \"2026-01-13T20:08:58.718Z\", \"assignerShortName\": \"hpe\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.