{"cve":{"cve_id":"CVE-2025-37131","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.003,"epss_percentile":0.21489,"epss_as_of":"2026-06-23","description":"A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.","published_at":"2025-09-16T22:17:32.261000Z","last_modified_at":null,"cvss_v3_score":4.9,"cvss_v3_vector":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-284"],"nvd_references":["https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:26:35.811048Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.1","metrics":[{"metric":"AV","name":"Attack Vector","value":"N","value_label":"Network"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"N","value_label":"None"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"N","value_label":"None"},{"metric":"A","name":"Availability","value":"N","value_label":"None"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"hpe-aruba-networking-edgeconnect-sd-wan-gateway","product_name":"HPE Aruba Networking EdgeConnect SD-WAN Gateway","version_start":"9.5.0.0","version_start_inclusive":true,"version_end":"9.5.3.6","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:hpe-aruba-networking-edgeconnect-sd-wan-gateway:9.5.0.0:9.5.3.6"},{"vendor_slug":"hewlett-packard-enterprise-hpe","vendor_name":"Hewlett Packard Enterprise (HPE)","product_slug":"hpe-aruba-networking-edgeconnect-sd-wan-gateway","product_name":"HPE Aruba Networking EdgeConnect SD-WAN Gateway","version_start":"9.4.0.0","version_start_inclusive":true,"version_end":"9.4.3.7","version_end_inclusive":true,"cpe23_uri":"cve5:hewlett-packard-enterprise-hpe:hpe-aruba-networking-edgeconnect-sd-wan-gateway:9.4.0.0:9.4.3.7"}],"exploit_refs":[],"news":[],"references":[{"url":"https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04943en_us&docLocale=en_US","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2025-09-16T22:17:32.261000Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:45:17.091772Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:45:17.091772Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:45:17.091772Z","label":"CVSS score revised","source":"cvelistv5"}]}