Hewlett Packard Enterprise (HPE) is sounding the alarm over a critical security flaw in Aruba Instant On Access Points. The Aruba access point backdoor vulnerability allows attackers to bypass normal authentication using hardcoded credentials, giving them administrative access to the device’s web interface.

Critical Flaw: CVE-2025-37103

HPE tracks the issue as CVE-2025-37103 and rates it critical with a CVSS v3.1 score of 9.8. It affects Aruba Instant On Access Points running firmware version 3.2.0.1 or earlier. These plug-and-play Wi-Fi devices are popular among small and medium-sized businesses for their enterprise-grade features and ease of cloud management.

Because the credentials are hardcoded into the firmware, they are easy for skilled attackers to extract. Once inside, threat actors can:

  • Reconfigure security settings
  • Install persistent backdoors
  • Capture network traffic for surveillance
  • Move laterally within the network

Security researcher ‘ZZ’ from Ubisectech Sirius Team discovered the flaw and responsibly reported it to HPE.

Additional Threat: CVE-2025-37102

A second vulnerability, CVE-2025-37102, was disclosed in the same advisory. This high-severity flaw is an authenticated command injection vulnerability in the device’s CLI (Command Line Interface). It requires admin access to exploit—something made possible through the backdoor vulnerability.

Attackers who chain both flaws can run arbitrary commands, disable security settings, exfiltrate data, and establish persistence across the network.

Patch Now – No Workarounds

HPE urges users to upgrade to firmware version 3.2.1.0 or later to eliminate both vulnerabilities. No workarounds are currently available. Notably, the flaws only affect Aruba Instant On Access Points—not the Instant On Switches.
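
As an added example (not from HPE's advisory or the original article), the following Python script triages a device inventory against the two firmware versions named above, comparing versions numerically so that a release such as 3.10.0.0 is not misread as older than 3.2.0.1. The CSV layout, device names and status labels are assumptions constructed for illustration; versions strictly between 3.2.0.1 and 3.2.1.0 are reported as unverified because the article does not say which side they fall on.

```python
import csv
import io
import re

AFFECTED_MAX = (3, 2, 0, 1)  # article: firmware 3.2.0.1 or earlier is affected
FIXED_MIN = (3, 2, 1, 0)     # article: 3.2.1.0 or later removes both flaws

# Constructed sample inventory: names, columns and versions are made up.
SAMPLE_INVENTORY = """name,type,firmware
lobby-ap,access_point,3.2.0.1
warehouse-ap,access_point,3.2.1.0
office-ap,access_point,3.10.0.0
cafe-ap,access_point,2.9.0.3
core-sw,switch,3.1.0.0
lab-ap,access_point,unknown
"""

def parse_version(text):
    """Turn '3.2.0.1' into (3, 2, 0, 1); return None if not a dotted number."""
    text = text.strip()
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        return None
    nums = [int(p) for p in text.split(".")]
    nums += [0] * (4 - len(nums))  # pad short versions: '3.2' -> 3.2.0.0
    return tuple(nums)

def classify(device_type, firmware):
    """Map one inventory row to a triage status (labels are hypothetical)."""
    if device_type == "switch":
        return "not_affected"  # article: Instant On Switches are not affected
    if device_type != "access_point":
        return "unknown"       # device class the article does not discuss
    version = parse_version(firmware)
    if version is None:
        return "unknown"       # unreadable version: check the device by hand
    if version <= AFFECTED_MAX:
        return "vulnerable"
    if version >= FIXED_MIN:
        return "patched"
    return "unverified"        # between the two versions the article names

def triage(inventory_csv):
    """Return {device name: status} for every row of the CSV text."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["name"]: classify(r["type"], r["firmware"]) for r in rows}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name:14} {status}")
```

Devices reported as unknown or unverified should be checked against the vendor advisory before being treated as safe.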

Although no exploitation has been reported yet, the critical nature of the Aruba access point backdoor means attackers could strike at any time. Businesses using these devices should act immediately.

Conclusion

The Aruba access point backdoor vulnerability is a serious risk for SMBs relying on HPE Aruba devices. With no workaround available and the potential for full network compromise, upgrading to the latest firmware is the only safe move. Apply the patch now to avoid giving attackers an open door into your network.

