CVE-2025-37183

CVSS Score & Metrics

Base Score

7.2 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H                                    

Vulnerability Description

Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. Successful exploitation could allow an attacker to execute arbitrary SQL commands on the underlying database, potentially leading to unauthorized data access or data manipulation.

Vulnerability Details

Published Date

January 14, 2026

Last Modified

January 20, 2026

CWE ID

CWE-89

Source

NVD

Vendor

arubanetworks

Product

edgeconnect_sd-wan_orchestrator

External References

https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04992en_us&docLocale=en_US

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment