Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access

HPE has released security updates for Instant On Access Points to fix a critical vulnerability that could allow remote attackers to bypass authentication and gain administrative access. Additionally, an authenticated command injection flaw was addressed, which could enable malicious commands to be executed with elevated privileges.

Key Points

  • HPE released security patches for Instant On Access Points to fix two critical vulnerabilities.
  • The flaws include a hard-coded login credential vulnerability (CVE-2025-37103) and an authenticated command injection flaw (CVE-2025-37102).
  • Successful exploitation could allow attackers to bypass authentication and execute arbitrary commands.
  • The vulnerabilities can be combined in an exploit chain to gain administrative control over affected devices.
  • Users are advised to update to version 3.2.1.0 or higher to mitigate the risks, although no active exploits have been reported.

Read More: https://thehackernews.com/2025/07/hard-coded-credentials-found-in-hpe.html