A critical vulnerability in Hewlett Packard Enterprise (HPE) Aruba Networking Instant On Access Points, tracked as CVE-2025-37103, could allow attackers to bypass device authentication completely. The flaw affects HPE Networking Instant On Access Points running firmware version 3.2.0.1 and below, potentially exposing countless enterprise networks to unauthorized administrative access. HPE's advisory clarifies that the issue is specific to Instant On Access Points; Instant On Switches are not impacted.

At the core of CVE-2025-37103 lies a function in the Instant On Access Point firmware responsible for validating web interface credentials. The access points ship with hardcoded credentials: any remote actor aware of the static credentials "admin" and "default123" can invoke authenticate() over HTTPS or HTTP and obtain privileged session tokens without triggering multifactor authentication or any additional security checks. Because these credentials are embedded in the device's web interface, an attacker who supplies them bypasses the routine login procedure with no prior privileges and no user interaction.

Successful exploitation grants administrative access, exposing system configurations, network traffic and device management interfaces to tampering or payload injection.

Customers who enabled automatic updates between June 30 and July 17, 2025, need not take additional steps; otherwise, the patch must be deployed manually via the Instant On mobile app or web portal. As a precaution, organizations should audit access logs for suspicious web interface logins and segment management traffic onto trusted administrative VLANs.
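The two defensive steps above, fleet triage against the affected firmware range and an audit of web interface logins, as an added example that is not part of the article or of any HPE tooling. The inventory format and the syslog-style login line format are constructed for the example; the real Instant On log format is not described here, so adjust `LOG_RE` to your export.

```python
"""Defender-side triage for CVE-2025-37103 (added example, not from the advisory)."""
import ipaddress
import re

AFFECTED_MAX = (3, 2, 0, 1)  # firmware 3.2.0.1 and below are affected


def parse_version(v: str) -> tuple:
    """Turn '3.2.0.1' into a comparable tuple, zero-padding shorter strings."""
    parts = [int(p) for p in v.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))


def is_affected(firmware: str) -> bool:
    """True when the firmware is at or below the last vulnerable release."""
    return parse_version(firmware) <= AFFECTED_MAX


def triage_inventory(inventory):
    """inventory: list of (hostname, firmware). Returns hostnames needing the patch."""
    return [host for host, fw in inventory if is_affected(fw)]


# Constructed, hypothetical login-log format: "... user=<name> src=<ip> result=<success|failure>"
LOG_RE = re.compile(r"user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\w+)")


def suspicious_logins(lines, mgmt_vlan: str):
    """Flag successful 'admin' web-interface logins originating outside the management VLAN."""
    mgmt_net = ipaddress.ip_network(mgmt_vlan)
    hits = []
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["result"] != "success" or m["user"] != "admin":
            continue
        if ipaddress.ip_address(m["src"]) not in mgmt_net:
            hits.append(line)
    return hits


# Constructed sample data for a stand-alone run.
SAMPLE_INVENTORY = [("ap-lobby", "3.2.0.1"), ("ap-floor2", "3.2.0.2"), ("ap-lab", "3.1.9")]
SAMPLE_LOGS = [
    "2025-07-18T10:01:02Z ap-lobby web-login user=admin src=10.99.0.5 result=success",
    "2025-07-18T10:02:40Z ap-lobby web-login user=admin src=192.168.50.23 result=success",
    "2025-07-18T10:03:11Z ap-lab web-login user=admin src=192.168.50.24 result=failure",
]

if __name__ == "__main__":
    print("needs patch:", triage_inventory(SAMPLE_INVENTORY))
    print("suspicious:", suspicious_logins(SAMPLE_LOGS, "10.99.0.0/24"))
```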
This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 21 Jul 2025 09:05:13 +0000