{"cve":{"cve_id":"CVE-2025-37100","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00396,"epss_percentile":0.31329,"epss_as_of":"2026-06-23","description":"A vulnerability in the APIs of HPE Aruba Networking Private 5G CoreĀ could potentially expose sensitive information to unauthorized users. \nA successful exploitation could allow an attacker to iteratively navigate through the filesystem and ultimately download protected system files containing sensitive information.","published_at":"2025-06-10T15:05:55.025000Z","last_modified_at":null,"cvss_v3_score":7.7,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","cvss_v3_severity":"HIGH","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-922","CWE-22"],"nvd_references":["https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04883en_us&docLocale=en_US"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:35.811048Z"},"effective_severity":"HIGH","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"L","value_label":"Low"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"C","value_label":"Changed"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"hpe-aruba-networking-private-5g-core","product_name":"HPE Aruba Networking Private 5G Core","version_start":"1.24.1.0","version_start_inclusive":true,"version_end":"1.25.1.0","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:hpe-aruba-networking-private-5g-core:1.24.1.0:1.25.1.0"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04883en_us&docLocale=en_US","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-06-10T15:05:55.025000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:45:17.091772Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:45:17.091772Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:45:17.091772Z","label":"CVSS score revised","source":"cvelistv5"}]}