Vulnerabilities threaten HPE Aruba Networking EdgeConnect SD-WAN

Attackers can target wide area networks (WANs) based on HPE Aruba Networking EdgeConnect SD-WAN. The developers have recently closed several security gaps. After successful attacks, attackers can, among other things, bypass security restrictions or even execute malicious code to completely compromise systems.

Multiple threats

In a warning message, the developers write that they have closed a total of nine software vulnerabilities. The majority of these are classified as "high" threat level.

Due to errors in the command line interface, remote attackers can exploit a vulnerability (CVE-2025-37123) to gain higher user privileges and then execute their own code with root privileges. However, they must already be authenticated to do so.

However, no authentication is required to successfully exploit another vulnerability (CVE-2025-37124). Here, attackers can bypass firewall protection in a manner that has not been specified in detail.

Furthermore, it is possible to execute commands at the system level (CVE-2025-37126). Errors in cryptography (CVE-2025-37127) allow attackers to gain control of systems.

Protecting WANs against potential attacks

To prevent attacks, administrators must install HPE Aruba Networking EdgeConnect SD-WAN 9.5.4.1 or 9.4.4.2. HPE assures that it is currently not aware of any attacks. However, this can change quickly, which is why administrators should install the security patches promptly.

In addition, they should ensure that the web interface is only accessible from outside for selected accounts and that firewall rules restrict access. The developers also recommend using RADIUS or TACACS for authentication.

(des)