Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-37112

Summary
Assigner-hpe
Assigner Org ID-eb103674-0d28-4225-80f8-39fb86215de0
Published At-31 Jul, 2025 | 19:42
Updated At-31 Jul, 2025 | 20:01
Rejected At-
Credits

Hard-Coded Encryption Keys found in System

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:hpe
Assigner Org ID:eb103674-0d28-4225-80f8-39fb86215de0
Published At:31 Jul, 2025 | 19:42
Updated At:31 Jul, 2025 | 20:01
Rejected At:
▼CVE Numbering Authority (CNA)
Hard-Coded Encryption Keys found in System

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Affected Products
Vendor
Hewlett Packard Enterprise (HPE)Hewlett Packard Enterprise
Product
HPE Telco Network Function Virtual Orchestrator
Default Status
unaffected
Versions
Affected
  • From 7.0.0 through 7.3.0 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-798CWE-798 Use of Hard-coded Credentials
Type: CWE
CWE ID: CWE-798
Description: CWE-798 Use of Hard-coded Credentials
Metrics
VersionBase scoreBase severityVector
3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us
N/A
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us
Resource: N/A
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-alert@hpe.com
Published At:31 Jul, 2025 | 20:15
Updated At:04 Aug, 2025 | 15:06

A vulnerability was discovered in the storage policy for certain sets of encryption keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.0MEDIUM
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 6.0
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-798Secondarysecurity-alert@hpe.com
CWE ID: CWE-798
Type: Secondary
Source: security-alert@hpe.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_ussecurity-alert@hpe.com
N/A
Hyperlink: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04891en_us
Source: security-alert@hpe.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

3Records found
CVE-2025-37111
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-10
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6||MEDIUM
EPSS-0.02% / 2.62%
||
7 Day CHG~0.00%
Published-31 Jul, 2025 | 19:41
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hard-Coded Authentication Keys found in System

A vulnerability was discovered in the storage policy for certain sets of authentication keys in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE Telco Network Function Virtual Orchestrator
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2025-37110
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
ShareView Details
Matching Score-8
Assigner-Hewlett Packard Enterprise (HPE)
CVSS Score-6||MEDIUM
EPSS-0.01% / 1.94%
||
7 Day CHG~0.00%
Published-31 Jul, 2025 | 19:41
Updated-04 Aug, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Sensitive Credential Information stored insecurely in System Database

A vulnerability was discovered in the storage policy for certain sets of sensitive credential information in the HPE Telco Network Function Virtual Orchestrator. Successful Exploitation could lead to unauthorized parties gaining access to sensitive system information.

Action-Not Available
Vendor-Hewlett Packard Enterprise (HPE)
Product-HPE Telco Network Function Virtual Orchestrator
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2025-4876
Matching Score-4
Assigner-ConnectWise LLC
ShareView Details
Matching Score-4
Assigner-ConnectWise LLC
CVSS Score-6||MEDIUM
EPSS-0.01% / 0.65%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 16:04
Updated-13 Aug, 2025 | 16:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded Key Revealed in ConnectWise Password Encryption Utility

ConnectWise-Password-Encryption-Utility.exe in ConnectWise Risk Assessment allows an attacker to extract a hardcoded AES decryption key via reverse engineering. This key is embedded in plaintext within the binary and used in cryptographic operations without dynamic key management. Once obtained the key can be used to decrypt CSV input files used for authenticated network scanning.

Action-Not Available
Vendor-connectwiseConnectWise
Product-risk_assessmentRisk Assessment
CWE ID-CWE-798
Use of Hard-coded Credentials
Details not found