VulnerabilitiesCVE-2025-37157, CVE-2025-37158
HPE Patches Five Critical AOS-CX Flaws: RCE, Privilege Escalation and Session Hijacking
HPE released emergency patches on March 10, 2026 for five critical and high-severity vulnerabilities in Aruba Networking AOS-CX, including two command injection flaws enabling remote code execution, an SSH privilege escalation, a web session hijacking bug, and a port ACL bypass on CX 9300 switches. Immediate patching is required for all enterprise Aruba CX deployments.
