CVE-2025-37159

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-37159

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37159.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-37159

Published

2025-11-18T19:15:47.980Z

Modified

2026-03-12T20:20:14.624290Z

Severity

7.3 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

A vulnerability in the web management interface of the AOS-CX OS user authentication service could allow an authenticated remote attacker to hijack an active user session. Successful exploitation may enable the attacker to maintain unauthorized access to the session, potentially leading to the view or modification of sensitive configuration data.

References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04888en_us&docLocale=en_US

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-37159.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "10.10.0000"
            },
            {
                "fixed": "10.10.1170"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "10.13.0000"
            },
            {
                "fixed": "10.13.1101"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "10.14.0000"
            },
            {
                "fixed": "10.14.1060"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "10.15.0000"
            },
            {
                "fixed": "10.15.1030"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "10.16.0000"
            },
            {
                "fixed": "10.16.1001"
            }
        ]
    }
]