CVE-2025-37100 Overview
CVE-2025-37100 is a path traversal vulnerability [CWE-22] affecting the APIs of HPE Aruba Networking Private 5G Core. The flaw allows an authenticated attacker with low privileges to navigate the underlying filesystem through API requests. Successful exploitation enables the attacker to download protected system files containing sensitive information. The issue carries a network attack vector, low attack complexity, and a scope change that extends impact beyond the vulnerable component. HPE published a security advisory documenting the affected versions and recommended remediation steps.
Critical Impact
Authenticated attackers can traverse the filesystem through API endpoints and exfiltrate protected system files from HPE Aruba Networking Private 5G Core deployments.
Affected Products
- HPE Aruba Networking Private 5G Core (refer to vendor advisory for affected versions)
- Deployments exposing the Private 5G Core management APIs
- Environments where low-privileged API credentials exist for the platform
Discovery Timeline
- 2025-06-10 - CVE-2025-37100 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-37100
Vulnerability Analysis
The vulnerability resides in API endpoints exposed by HPE Aruba Networking Private 5G Core. The APIs accept file or path parameters without enforcing strict canonicalization or allow-listing of resolved paths. An attacker iteratively probes path parameters using traversal sequences to step outside the intended directory. Each successful traversal reveals additional filesystem structure, enabling progressive enumeration of the host. The flaw is categorized under CWE-22, Improper Limitation of a Pathname to a Restricted Directory.
The attack requires network access and authenticated low-privileged credentials. No user interaction is needed. The scope change in the CVSS vector indicates that exploitation impacts resources beyond the API service itself, including operating system files outside the application sandbox. EPSS data records a probability of 0.396% with a percentile of 31.239.
Root Cause
The root cause is insufficient input validation on file path parameters processed by the Private 5G Core APIs. The application resolves user-supplied path segments relative to a base directory but does not reject sequences such as ../ or absolute path references. As a result, requests can escape the intended file scope and reach arbitrary readable files on the host.
Attack Vector
An attacker authenticates to the API with a low-privileged account and submits crafted requests containing directory traversal payloads in path parameters. By iterating through directories, the attacker maps the filesystem and identifies configuration files, credential stores, certificates, and other system artifacts. Each request returns file contents, leading to disclosure of sensitive information. See the HPE Security Advisory for vendor-specific details.
Detection Methods for CVE-2025-37100
Indicators of Compromise
- API requests containing traversal sequences such as ../, ..%2f, or encoded variants in path or filename parameters
- Unexpected file read responses for system paths like /etc/passwd, /etc/shadow, or application configuration directories
- Repeated 200 OK responses to API calls referencing distinct deep filesystem paths from a single session
Detection Strategies
- Inspect API gateway and reverse proxy logs for directory traversal patterns targeting Private 5G Core endpoints
- Correlate authenticated API sessions with anomalous volumes of file-read style requests across short time windows
- Alert on responses returning binary or large text payloads from endpoints that normally return JSON metadata
Monitoring Recommendations
- Forward Private 5G Core API access logs to a centralized analytics platform for traversal pattern matching
- Baseline normal API consumer behavior and flag accounts deviating toward filesystem enumeration
- Monitor authentication logs for low-privileged accounts performing unusual administrative-style queries
How to Mitigate CVE-2025-37100
Immediate Actions Required
- Apply the security update referenced in the HPE Security Advisory for HPE Aruba Networking Private 5G Core
- Rotate API credentials and audit account privileges for any accounts that interact with the Private 5G Core APIs
- Review API access logs for prior traversal attempts and confirm no sensitive files were exfiltrated
Patch Information
HPE has published a security advisory (hpesbnw04883en_us) describing the fixed releases for HPE Aruba Networking Private 5G Core. Administrators should consult the advisory to identify the upgrade path that matches their deployed version and apply the vendor-supplied patch.
Workarounds
- Restrict network reachability of the Private 5G Core management APIs to trusted administrative segments only
- Enforce least privilege on API accounts and remove unused or shared credentials
- Place a web application firewall or API gateway in front of the management plane to block traversal payloads until patching is complete
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
