An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 25 Jul 2025 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Hpe
Hpe autopass License Server
CPEs cpe:2.3:a:hpe:autopass_license_server:*:*:*:*:*:*:*:*
Vendors & Products Hpe
Hpe autopass License Server

Fri, 18 Jul 2025 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-94
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 16 Jul 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Wed, 16 Jul 2025 18:00:00 +0000

Type Values Removed Values Added
Description An hsqldb-related remote code execution vulnerability exists in HPE AutoPass License Server (APLS) prior to 9.18.
References
Metrics cvssV4_0

{'score': 7.7, 'vector': 'CVSS:4.0/AV:A/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: hpe

Published:

Updated: 2025-07-22T03:55:30.959Z

Reserved: 2025-04-16T01:28:25.364Z

Link: CVE-2025-37105

cve-icon Vulnrichment

Updated: 2025-07-18T14:26:24.905Z

cve-icon NVD

Status : Analyzed

Published: 2025-07-16T18:15:24.410

Modified: 2025-07-25T15:28:11.190

Link: CVE-2025-37105

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.