A critical security alert warns customers of a severe vulnerability in HPE OneView software that could allow remote attackers to execute arbitrary code without authentication.
The flaw, tracked as CVE-2025-37164, carries a CVSS base score of 10.0, the maximum possible rating.
CVE ID: CVE-2025-37164
Product: HPE OneView Software
Vulnerability Type: Remote Code Execution
CVSS Score: 10.0 (Critical)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
HPE OneView Flaw Enables Remote Code Execution
The vulnerability affects HPE OneView software in all versions earlier than v11.00. Unauthenticated remote attackers could exploit it to achieve remote code execution.
The attack requires no user interaction and no prior privileges, making it directly exploitable over the network. A successful exploit compromises the confidentiality, integrity, and availability of affected systems. The changed scope (S:C) in the vector also means the impact is not confined to the vulnerable component itself, which matters for OneView because it is the management plane for the servers, storage and networking it controls.
According to HPE's security bulletin HPESBGN04985, the flaw was responsibly disclosed by security researcher brocked200 (Nguyen Quoc Khanh) on December 16, 2025.
The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H indicates the vulnerability is exploitable over the network (AV:N) without any required authentication (PR:N) or user interaction (UI:N).
The low attack complexity (AC:L) means attackers can reliably trigger the flaw without special conditions or preparation.
HPE recommends immediate action for all affected customers. The primary fix is to upgrade to HPE OneView v11.00 or later via the My HPE Software Center portal.
Organizations running OneView versions 5.20 through 10.20 can instead apply a dedicated security hotfix available from HPE's support channels.
The security hotfix must be reapplied after upgrading from HPE OneView 6.60.xx to 7.00.00, including after HPE Synergy Composer reimage operations, since those steps replace the patched software.
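When checking a fleet of appliances against the version boundaries above, the classic mistake is comparing version strings lexically, which puts "10.20" below "5.20" and silently misclassifies every 10.x appliance. The following added example (written for this article, not HPE tooling) parses OneView version strings the way the bulletin writes them, including the "6.60.xx" placeholder form, and sorts each appliance into fixed, hotfix-eligible, or upgrade-required. How you collect the version from each appliance is outside the snippet; the inventory is constructed, and the "10.30" entry is a hypothetical build number used only to show a version above the hotfix range but below the fix.

```python
import re

# Boundaries from bulletin HPESBGN04985 as described above. Tuples compare
# numerically, so (10, 20) > (5, 20) even though "10.20" < "5.20" as strings.
FIXED_IN = (11, 0)                           # fixed in HPE OneView v11.00
HOTFIX_MIN, HOTFIX_MAX = (5, 20), (10, 20)   # hotfix offered for 5.20 through 10.20

# Accepts '10.20', 'v11.00', '6.60.02' and the bulletin's '6.60.xx' notation.
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+|x+))?$", re.IGNORECASE)


def parse_version(text: str) -> tuple:
    """Return (major, minor[, patch]) as integers.
    An 'xx' patch placeholder is dropped; only major.minor decide status."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OneView version string: {text!r}")
    major, minor, patch = m.groups()
    parts = [int(major), int(minor)]
    if patch and patch.isdigit():
        parts.append(int(patch))
    return tuple(parts)


def triage(version_text: str) -> str:
    """Classify one appliance version against the advisory's boundaries."""
    major_minor = parse_version(version_text)[:2]
    if major_minor >= FIXED_IN:
        return "fixed"
    if HOTFIX_MIN <= major_minor <= HOTFIX_MAX:
        return "hotfix-eligible"
    # Below 5.20, or above 10.20 but below 11.00: no hotfix is listed.
    return "upgrade-required"


def fleet_report(inventory: dict) -> dict:
    """inventory maps appliance name -> version string.
    Returns {status: [names]}, each list ordered by numeric version."""
    report = {"fixed": [], "hotfix-eligible": [], "upgrade-required": []}
    ordered = sorted(inventory.items(), key=lambda kv: parse_version(kv[1]))
    for name, version in ordered:
        report[triage(version)].append(name)
    return report


# Constructed sample inventory; these are not real hosts or confirmed builds.
SAMPLE_INVENTORY = {
    "ov-dc1": "10.20",
    "ov-dc2": "v11.00",
    "ov-lab": "5.10",
    "synergy-composer-a": "6.60.xx",
    "ov-dc3": "10.30",   # hypothetical 10.x build above the hotfix range
}


if __name__ == "__main__":
    for status, names in fleet_report(SAMPLE_INVENTORY).items():
        print(f"{status:16s} {', '.join(names) or '-'}")
```

Anything landing in "hotfix-eligible" still needs follow-up after the upgrade path noted above: an appliance that moves from 6.60.xx to 7.00.00, or a Synergy Composer that is reimaged, returns to an unpatched build and must be re-triaged rather than assumed fixed.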
Security administrators managing HPE OneView deployments should prioritize patching these systems, given the critical severity and ease of exploitation.
HPE recommends reviewing system management and security procedures regularly to maintain system integrity.
Organizations unable to patch immediately should implement network segmentation to restrict access to HPE OneView systems and monitor for suspicious activity. Because the flaw is reachable without credentials, the segmentation rule should limit which source networks can reach the appliance's management interface at all, for example only a dedicated management network or jump hosts, rather than relying on login controls.
For technical implementation questions, HPE customers should contact their normal HPE Services support channel.
HPE states that it continues to monitor and enhance security features across its software portfolio to provide customers with current, secure solutions against emerging threats.
