Hewlett Packard Enterprise (HPE) this week introduced patches for a critical-severity remote code execution vulnerability in its OneView IT infrastructure management software.
Tracked as CVE-2025-37164 (CVSS score of 10), the security defect can be exploited without authentication, the company notes in a barebones advisory.
HPE makes no mention of the flaw being exploited in the wild, but urges customers to update to a fixed release as soon as possible.
According to HPE, the issue impacts all OneView releases up to version 10.20. The company has released hotfixes for OneView customers and recommends updating 6.60.xx iterations to version 7.00 prior to applying the patch. HPE Synergy Composer reimages should also be updated.
The HPE OneView virtual appliance security hotfixes are available on this page, while the HPE Synergy CVE security hotfix can be found here.
HPE refrained from releasing technical details on the weakness but credited Nguyen Quoc Khanh for reporting it.
This week, HPE also rolled out fixes for three vulnerabilities in dependencies used in the Telco Service Activator service provisioning and activation software platform.
Tracked as CVE-2025-49146, CVE-2025-55163, and CVE-2025-7962, the issues impact the open source PostgreSQL JDBC driver PgJDBC, the Netty network application framework, and Jakarta Mail.
Successful exploitation of the bugs, the company says, could lead to authentication bypass, denial-of-service (DoS), and Carriage Return Line Feed (CRLF) injection.
All HPE Telco Service Activator versions up to 10.3.2 are affected. Patches for the three security defects were included in version 10.3.3 of the platform.
None of these vulnerabilities appears to have been exploited in attacks targeting HPE Telco Service Activator customers.
Related: CISA Warns of Exploited Flaw in Asus Update Software
Related: SonicWall Patches Exploited SMA 1000 Zero-Day
Related: JumpCloud Remote Assist Vulnerability Can Expose Systems to Takeover
Related: Atlassian Patches Critical Apache Tika Flaw
