CVE-2025-37112

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

CVSS v3 6.0 MEDIUM

6.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us

Configurations

No configuration.

History

No history.

Information

Published : 2025-07-31 20:15

Updated : 2025-08-04 15:06

NVD link : CVE-2025-37112

Mitre link : CVE-2025-37112

CVE.ORG link : CVE-2025-37112

JSON object : View

Products Affected

No product.

CWE

CWE-798

Use of Hard-coded Credentials

6.0 /10