What happened
Hewlett Packard Enterprise (HPE) has warned of a critical vulnerability in the Aruba AOS-CX network operating system that lets an attacker who already holds limited authenticated access reset the administrator password and take over affected switches. The flaw, tracked as CVE-2025-37103, affects multiple AOS-CX versions and stems from insecure permission controls in a service manager component. According to HPE, an authenticated attacker with manager-level privileges can trigger a password reset for the built-in administrator account and thereby gain full control of the device. HPE has released patched versions and mitigation guidance for the affected releases and rates the issue CVSS 9.8.
Who is affected
Organizations running vulnerable AOS-CX versions on supported switching platforms are affected. Exposure is highest where an attacker could already hold, or plausibly obtain, an authenticated account below administrator level on the switch, since that is the starting position the flaw requires.
Why CISOs should care
Switches are core network infrastructure. An unauthorized reset of the administrator password hands the attacker full control of the device, from which they can tamper with configuration, redirect or intercept traffic crossing the switch, and pivot further into the enterprise network.
3 practical actions
- Apply HPE security updates. Install the fixed AOS-CX versions listed in HPE's advisory for CVE-2025-37103, then confirm the running release on each switch (for example with show version) rather than relying on the upgrade job's status alone.
- Review privileged access on switches. Audit the local accounts on each device and any centrally managed (TACACS+/RADIUS) accounts that map to switch roles, remove unused ones, and reduce manager-level access to the operators who need it. Restricting management-plane reachability to a dedicated management network also shrinks the pool of people who can reach the login prompt at all.
- Monitor switch administration events. Forward switch event logs to a SIEM and alert on password changes to the built-in administrator account that are not performed by that account, on role changes that grant administrator rights, and on configuration changes that follow closely after either.
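The detection logic described in the monitoring step, written out as an added example rather than code from HPE or the original page. It parses a handful of constructed syslog-style lines, flags resets of the built-in administrator password by any other account, flags grants of the administrator role, and correlates a later configuration change by the administrator account with a preceding suspicious reset. The line format, process names, account names and the role name "administrators" are all assumptions for illustration; real AOS-CX event text differs, so the regular expressions must be adapted to the output of your own switches.

```python
"""Flag administrator password resets and privilege grants in switch syslog.

Added example, not HPE/Aruba code. Message formats below are hypothetical
placeholders chosen for illustration; adapt the regexes to the real event
text your AOS-CX switches export.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Iterable, List, Optional

BUILTIN_ADMIN = "admin"            # built-in administrator account name
PRIVILEGED_ROLE = "administrators" # assumed name of the admin role
CORRELATION_WINDOW = timedelta(minutes=15)

# Constructed sample lines loosely modelled on RFC 3164 syslog (hypothetical).
SAMPLE_LOGS = """\
<134>Mar 10 09:12:01 core-sw1 hpe-usermgmt[1203]: User 'netops' (role=operators) logged in from 10.20.0.15 via SSH
<134>Mar 10 09:12:44 core-sw1 hpe-usermgmt[1203]: User 'netops' changed password for user 'admin'
<134>Mar 10 09:13:05 core-sw1 hpe-usermgmt[1203]: User 'netops' changed role for user 'netops' to 'administrators'
<134>Mar 10 09:13:30 core-sw1 hpe-config[1210]: Configuration changed by user 'admin' from 10.20.0.15
<134>Mar 10 10:00:00 core-sw1 hpe-usermgmt[1203]: User 'admin' changed password for user 'admin'
"""

# Hypothetical formats: syslog header, then the three message kinds of interest.
RE_HEADER = re.compile(
    r"^<\d+>(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[\w-]+)\[\d+\]: (?P<msg>.*)$"
)
RE_PWCHANGE = re.compile(r"User '(?P<actor>[^']+)' changed password for user '(?P<target>[^']+)'")
RE_ROLECHANGE = re.compile(
    r"User '(?P<actor>[^']+)' changed role for user '(?P<target>[^']+)' to '(?P<role>[^']+)'"
)
RE_CONFIG = re.compile(r"Configuration changed by user '(?P<actor>[^']+)'")


@dataclass
class Event:
    ts: datetime
    host: str
    kind: str          # "pwchange" | "rolechange" | "config" | "other"
    actor: str = ""
    target: str = ""
    role: str = ""


@dataclass
class Alert:
    severity: str
    host: str
    reason: str
    event: Event


def parse_line(line: str, year: int = 2025) -> Optional[Event]:
    """Parse one syslog line into an Event; None if it is not in the expected shape."""
    m = RE_HEADER.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")  # BSD syslog has no year
    msg = m["msg"]
    base = dict(ts=ts, host=m["host"])
    if (x := RE_PWCHANGE.search(msg)):
        return Event(kind="pwchange", actor=x["actor"], target=x["target"], **base)
    if (x := RE_ROLECHANGE.search(msg)):
        return Event(kind="rolechange", actor=x["actor"], target=x["target"], role=x["role"], **base)
    if (x := RE_CONFIG.search(msg)):
        return Event(kind="config", actor=x["actor"], **base)
    return Event(kind="other", **base)


def detect(lines: Iterable[str]) -> List[Alert]:
    """Apply the three rules from the monitoring step and return alerts in log order."""
    events = [e for e in (parse_line(l) for l in lines) if e]
    alerts: List[Alert] = []
    suspicious_resets: List[Event] = []  # admin resets performed by some other account
    for e in events:
        # Rule 1: built-in admin password changed by anyone except admin itself.
        if e.kind == "pwchange" and e.target == BUILTIN_ADMIN and e.actor != BUILTIN_ADMIN:
            alerts.append(Alert("high", e.host, f"'{BUILTIN_ADMIN}' password reset by '{e.actor}'", e))
            suspicious_resets.append(e)
        # Rule 2: anyone granted the administrator role; self-grant is the worse case.
        elif e.kind == "rolechange" and e.role == PRIVILEGED_ROLE:
            sev = "high" if e.actor == e.target else "medium"
            alerts.append(Alert(sev, e.host, f"'{e.actor}' granted '{e.role}' to '{e.target}'", e))
        # Rule 3: admin changes config shortly after a suspicious reset on the same host.
        elif e.kind == "config" and e.actor == BUILTIN_ADMIN:
            for r in suspicious_resets:
                gap = e.ts - r.ts
                if r.host == e.host and timedelta(0) <= gap <= CORRELATION_WINDOW:
                    alerts.append(Alert("critical", e.host,
                                        f"config change by '{BUILTIN_ADMIN}' {int(gap.total_seconds())}s "
                                        f"after its password was reset by '{r.actor}'", e))
                    break
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS.splitlines()):
        print(f"[{a.severity}] {a.host} {a.event.ts:%H:%M:%S}: {a.reason}")
```

Run against the constructed sample the script reports three alerts: the reset of admin by netops, the self-grant of the administrators role, and the configuration change by admin 46 seconds after the reset. The final line, admin rotating its own password, produces nothing, which is the distinction worth preserving so that routine rotation does not drown out the signal.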
