- HPE Aruba Networking Instant On Access Points have a critical vulnerability (CVE-2025-37103, CVSS score 9.8) caused by hardcoded credentials, which allow attackers to bypass authentication.
- Exploitation of this vulnerability could grant remote attackers full administrative access to affected systems, posing significant security risks.
- HPE has released security updates that mitigate this vulnerability and an additional command injection flaw (CVE-2025-37102) in the command-line interface.
- Immediate action is required: organizations should apply the patches to all affected HPE Instant On Access Points to prevent unauthorized access.
- No specific threat actor attribution has been mentioned, but the severity of the vulnerability suggests potential for widespread exploitation.

Hardcoded credentials in HPE Aruba Networking Instant On Access Points create a critical vulnerability (CVE-2025-37103) that allows attackers to bypass authentication and gain full administrative access. This flaw, rated 9.8 on the CVSS scale, poses a severe risk to organizations using these devices. HPE has issued patches that address it along with a second vulnerability, a command injection flaw (CVE-2025-37102). Security teams must urgently update their systems to the latest firmware versions so that all affected devices are secured against potential exploitation.