HPE warns of a critical vulnerability (CVE-2025-37103) in Aruba Instant On Access Points, where hardcoded administrative credentials allow remote attackers to bypass authentication. Successful exploitation grants full device control for traffic interception, backdoor installation, or lateral movement. No workarounds exist—immediate patching to firmware 3.2.1.0+ is essential.