HPE has issued a warning regarding hardcoded credentials within Aruba Instant On Access Points, which could enable remote attackers to gain administrative access. The vulnerability, identified as CVE-2025-37103, affects Instant On Access Points operating firmware version 3.2.0.1 and earlier, prompting a recommendation for immediate firmware upgrades.
Aruba Instant On Access Points function as compact, plug-and-play wireless devices, designed for small to medium-sized businesses, offering enterprise-grade features and cloud/mobile app management. CVE-2025-37103, rated as critical with a CVSS v3.1 score of 9.8, stems from hardcoded login credentials within the firmware. This allows anyone with knowledge of these credentials to bypass standard device authentication and access the web interface.
HPE’s bulletin specified that successful exploitation could grant a remote attacker administrative access to the system. With administrative credentials embedded in the firmware, their discovery is straightforward for knowledgeable actors, potentially leading to configuration changes, security reconfigurations, backdoor installations, traffic surveillance, or lateral movement within a network.
Inside the LLM system that reads emails like a cybersecurity analyst
The Ubisectech Sirius Team security researcher, identified by the alias ZZ, discovered and reported this vulnerability directly to HPE. To mitigate the risk posed by CVE-2025-37103, users of affected devices are advised to upgrade to firmware version 3.2.1.0 or newer. HPE has not provided any alternative workarounds, making patching the sole recommended action. The bulletin clarifies that CVE-2025-37103 does not impact Instant On Switches.
HPE’s bulletin also details a second vulnerability, CVE-2025-37102, a high-severity authenticated command injection flaw found in the Command Line Interface (CLI) of Aruba Instant On access points. This flaw can be exploited in conjunction with CVE-2025-37103, as administrative access is a prerequisite for its exploitation. Chaining these vulnerabilities allows threat actors to inject arbitrary commands into the CLI, potentially leading to data exfiltration, security disabling, and establishing persistence. Similar to CVE-2025-37103, this issue is resolved by upgrading to firmware version 3.2.1.0 or later, with no available workarounds. HPE Aruba Networking has not received any reports of exploitation for either of these vulnerabilities to date.
