HPE disclosed a critical vulnerability (CVE-2025-37103) in Aruba Instant On access points, allowing remote access through a hardcoded admin password. This vulnerability, combined with CVE-2025-37102, enables attackers to execute arbitrary commands and compromise the network. Users are advised to update firmware to version 3.2.1.0 or newer and reset administrative credentials.