SOCRadar® Cyber Intelligence Inc. | CVE‑2025‑37103: Remote Access Risk in Aruba Instant On Access Points Due to Hardcoded Passwords
Jul 21, 2025

CVE‑2025‑37103: Remote Access Risk in Aruba Instant On Access Points Due to Hardcoded Passwords

HPE has disclosed a critical vulnerability in Aruba Instant On access points. The flaw involves a hardcoded admin password that allows remote access to the device’s web interface without authentication.

The issue is tracked as CVE‑2025‑37103 and affects firmware versions up to and including 3.2.0.1. It carries a CVSS score of 9.8, making it a severe threat.

SOCRadar’s Vulnerability Intelligence, CVE‑2025‑37103

Why Does CVE‑2025‑37103 Matter?

If attackers gain access through the hardcoded password, they can:

  • Log in as an administrator without needing credentials
  • Reconfigure wireless settings
  • Disable security controls
  • Monitor network traffic
  • Install backdoors or malware
  • Launch lateral attacks across the internal network

This level of access puts all connected systems at risk. Attackers could maintain persistence or use the device as a stepping stone into more sensitive parts of the network.

Is There Another Vulnerability to Worry About?

Yes. HPE also disclosed CVE‑2025‑37102, a command injection vulnerability that becomes exploitable once an attacker logs in using the hardcoded credentials.

This flaw requires admin access to exploit, which can be gained through CVE-2025-37103. It allows remote command execution through the CLI, giving the attacker the ability to run arbitrary system-level commands. Chained together, the two flaws let attackers exfiltrate data, disable security features, and maintain persistent access, which amounts to a full compromise scenario.

Which Devices Are Affected by CVE‑2025‑37103?

These vulnerabilities impact:

  • Aruba Instant On Access Points 
  • Firmware versions up to and including 3.2.0.1

Only firmware version 3.2.1.0 and newer include the necessary fixes. Devices not updated remain fully exposed.

How Can You Protect Your Network?

HPE strongly recommends that users take the following steps:

  1. Identify all Aruba Instant On access points in your environment
  2. Check their firmware versions
  3. Update all devices to firmware version 3.2.1.0 or newer
  4. Reset administrative credentials and ensure strong passwords are in use
  5. Audit logs and monitor traffic for unusual activity
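
Steps 1 to 3 can be scripted against an inventory export. The following is an added example, not code from HPE or SOCRadar: it assumes a CSV with hostname and firmware columns (the sample rows are constructed) and compares versions numerically against the two bounds stated on this page, since plain string comparison would sort 3.10.0.0 below 3.2.1.0.

```python
import csv
import io

LAST_AFFECTED = (3, 2, 0, 1)   # page: affected up to and including 3.2.0.1
FIRST_FIXED = (3, 2, 1, 0)     # page: fixes are in 3.2.1.0 and newer

# Constructed sample inventory; the column names are assumptions.
SAMPLE_CSV = """hostname,firmware
ap-lobby,3.2.0.1
ap-floor2,3.2.1.0
ap-warehouse,3.10.0.0
ap-annex,2.9.0
ap-lab,unknown
"""


def parse_version(text):
    """Return the version as a 4-tuple of ints, or None if it is not numeric."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdecimal() for p in parts):
        return None
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (4 - len(nums)))  # pad "2.9.0" to (2, 9, 0, 0)


def classify(firmware):
    """Map a firmware string to AFFECTED, FIXED or REVIEW."""
    version = parse_version(firmware)
    if version is None:
        return "REVIEW"      # unreadable version: check the device by hand
    if version <= LAST_AFFECTED:
        return "AFFECTED"
    if version >= FIRST_FIXED:
        return "FIXED"
    return "REVIEW"          # falls between the two bounds the page states


def triage(csv_text):
    """Return {hostname: status} for every row of the inventory."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {row["hostname"]: classify(row["firmware"]) for row in rows}


if __name__ == "__main__":
    for host, status in triage(SAMPLE_CSV).items():
        print(f"{host:14} {status}")
```

Devices reported as AFFECTED or REVIEW are the ones to carry into steps 3 to 5.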

Currently, HPE Aruba Networking has not received any reports of these two vulnerabilities being exploited. No workarounds or persistent mitigations exist. The only way to secure the devices is to apply the firmware update.

Where Can You Learn More?

HPE published a full security bulletin with technical details and remediation steps: HPE Security Bulletin SBNW04894

What Should You Do Now?

Act immediately if your organization uses Aruba Instant On access points. Delaying this update leaves your network open to easy and complete compromise. Ensure devices are patched, access logs are reviewed, and security configurations are verified.

Hardcoded passwords should never exist in production firmware. When they do, they must be removed quickly, and in this case, that means applying firmware version 3.2.1.0 as soon as possible.

How Can SOCRadar Help?

Defending against critical vulnerabilities like CVE-2025-37103 requires full visibility into your external attack surface. SOCRadar’s Attack Surface Management (ASM) helps security teams:

  • Detect exposed Aruba Instant On access points and other vulnerable assets
  • Identify outdated firmware versions across internet-facing devices
  • Prioritize patching based on risk and exposure level
  • Monitor for changes or misconfigurations that increase attack surface

SOCRadar’s Attack Surface Management, Company Vulnerabilities

With continuous monitoring and detailed asset mapping, SOCRadar enables faster detection and remediation before attackers can take advantage.