CVE-2025-37166: Unexpected shutdown in HPE Instant On Access Points after processing specific packets
A vulnerability has been identified in HPE Networking Instant On Access Points: a device that processes a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network.
Frequently Asked Questions
What is the severity of CVE-2025-37166?
CVE-2025-37166 is rated as a critical security vulnerability due to its potential to cause system outages on affected devices.
How do I fix CVE-2025-37166?
To mitigate CVE-2025-37166, update your HPE Networking Instant On Access Points to the latest firmware version provided by HPE.
What are the symptoms of CVE-2025-37166?
Devices affected by CVE-2025-37166 may become non-responsive or require a hard reset after processing specific crafted packets.
Which products are impacted by CVE-2025-37166?
CVE-2025-37166 specifically affects HPE Networking Instant On Access Points.
Is there a workaround for CVE-2025-37166?
Currently, the primary recommendation for CVE-2025-37166 is to apply the latest firmware update from HPE, as no official workarounds are outlined.