PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution

PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution

Posted on By CWS

Safety researchers have launched a Proof-of-Idea (PoC) exploit for a crucial vulnerability in HPE OneView, a well-liked IT infrastructure administration platform.

The flaw, tracked as CVE-2025-37164, carries a most CVSS rating of 10.0, indicating rapid hazard to enterprise environments.

The vulnerability permits distant attackers to execute malicious code on affected techniques with no need a password or any type of authentication.

A legitimate Metasploit module has already been revealed, making it simple for risk actors to weaponize this flaw.

FeatureDetailsCVE IDCVE-2025-37164SeverityCritical (CVSS 10.0)VendorHewlett Packard Enterprise (HPE)Affected ProductHPE OneView (Variations < 11.0)Vulnerability TypeRemote Code Execution (RCE)Exploit StatusPoC & Metasploit Module Obtainable

Technical Breakdown

The problem lies throughout the ID-Swimming pools REST API endpoint of the HPE OneView software program.

Particularly, the vulnerability exists in how the appliance handles the executeCommand parameter. The code explicitly marks the authentication header as “not required.”

This oversight permits an attacker to ship a easy JSON command, comparable to opening a reverse shell, which the server then executes with excessive privileges.

unpatched variations of ‘HPE OneView for HPE Synergy’ are possible all susceptible

Whereas HPE’s advisory states that every one variations earlier than 11.0 are affected.

In response to Rapid7’s evaluation, the appliance accepts person enter by way of a particular API request (PUT /relaxation/id-pools/executeCommand). Nevertheless, it fails to confirm whether or not the person is allowed.

Researchers discovered that the susceptible “id-pools” function is primarily lively in HPE OneView for HPE Synergy and particular variations of HPE OneView for VMs (Department 6.x).

HPE has launched a hotfix that patches the flaw by blocking entry to the susceptible URL path.

Given the discharge of public exploit code and the excessive privileges related to OneView administration consoles, directors are urged to patch instantly.

Confirm your OneView model instantly and apply the vendor-supplied hotfix to forestall unauthorized entry to your bodily and digital infrastructure.

Observe us on Google Information, LinkedIn, and X for every day cybersecurity updates. Contact us to function your tales.

Cyber Security News Tags:, , , , , , , , ,

Related Posts

Leveraging dMSAs for Credential Acquisition and Lateral Movement in Active Directory Leveraging dMSAs for Credential Acquisition and Lateral Movement in Active Directory Cyber Security News
Multiple Exim Server Vulnerabilities Let Attackers Seize Control of the Server Multiple Exim Server Vulnerabilities Let Attackers Seize Control of the Server Cyber Security News
RealBlindingEDR Tool That Permanently Turn off AV/EDR Using Kernel Callbacks RealBlindingEDR Tool That Permanently Turn off AV/EDR Using Kernel Callbacks Cyber Security News
Critical Hikvision Vulnerability Threatens Wireless Access Points Critical Hikvision Vulnerability Threatens Wireless Access Points Cyber Security News
Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure Exposed ‘Kim’ Dump Exposes Kimsuky Hackers New Tactics, Techniques, and Infrastructure Cyber Security News
Fired Intel Engineer Stolen 18,000 Files Many of which Were Classified as “Top Secret” Fired Intel Engineer Stolen 18,000 Files Many of which Were Classified as “Top Secret” Cyber Security News