
CVE-2025-37168:

Arbitrary file deletion vulnerability in HPE AOS-8 mobility conductors allows unauthenticated remote attackers to delete files and cause denial-of-service.


Score
9.1 Critical
  • Published Date: Jan 13, 2026
  • CISA KEV Date: No Data
  • Industries Affected: 20

Threat Predictions

  • EPSS Score: 0.1
  • EPSS Percentile: 22%

Exploitability

  • Score: 3.9
  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: UNCHANGED

Impact

  • Score: 5.2
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

Overview

The vulnerability affects HPE mobility conductors running the AOS-8 operating system. It enables unauthorized remote attackers to delete files arbitrarily within the system, which could lead to severe disruptions in service. The attack vector is network-based, requires no user interaction, and can be exploited with low attack complexity. While the vulnerability does not impact confidentiality, it has a high impact on system integrity and a low impact on availability. The ease of exploitation and the potential for system disruption make this vulnerability particularly concerning for organizations using affected HPE devices.

Remediation

As of the vulnerability's publication date, specific remediation details have not been provided. However, general best practices for mitigating such vulnerabilities include:

  1. Applying security patches promptly when made available by HPE.
  2. Implementing network segmentation to limit exposure of affected devices.
  3. Monitoring systems for unusual file deletion activities or unexpected service disruptions.
  4. Restricting network access to the affected devices to trusted IP addresses only.
  5. Regularly backing up critical system files to enable quick recovery in case of successful exploitation.

Organizations should closely monitor HPE's security advisories for official patches and follow their specific guidance for addressing this vulnerability.

Industries Affected

Below is a list of industries most commonly impacted or potentially at risk based on intelligence.

Low

  • Mining
  • Utilities
  • Information
  • Construction
  • Retail Trade
  • Manufacturing
  • Wholesale Trade
  • Educational Services
  • Finance and Insurance
  • Public Administration
  • Real Estate Rental and Leasing
  • Transportation and Warehousing
  • Accommodation and Food Services
  • Health Care and Social Assistance
  • Arts, Entertainment, and Recreation
  • Management of Companies and Enterprises
  • Agriculture, Forestry, Fishing and Hunting
  • Other Services (except Public Administration)
  • Professional, Scientific, and Technical Services
  • Administrative and Support and Waste Management and Remediation Services
