HPE Flaw Exposes Admin Access via Hard-Coded Logins

Hewlett-Packard Enterprise has issued a security update to patch a critical vulnerability in its Instant On Access Points. The HPE flaw exposes admin access by allowing attackers to bypass authentication using hard-coded credentials embedded in the system. Tracked as CVE-2025-37103, the flaw carries a near-maximum CVSS severity rating of 9.8, signaling a significant risk to affected devices.

Security researchers discovered that the credentials, hard-wired into the firmware, could grant unauthorized users full administrative control. The HPE flaw exposes admin access across impacted systems, potentially compromising network integrity and user data. HPE has responded by releasing a fix to eliminate the embedded login credentials and mitigate the risk.

Organizations using these access points are urged to apply the update immediately to prevent exploitation. Delayed patching could leave networks exposed to unauthorized control and data breaches.

To learn more, read the complete report at:
https://thehackernews.com/2025/07/hard-coded-credentials-found-in-hpe.html