Cyber Web Spider Blog – News


HPE Patches Critical Flaw in IT Infrastructure Management Software

Posted on December 18, 2025 By CWS

Hewlett Packard Enterprise (HPE) this week released patches for a critical-severity remote code execution vulnerability in its OneView IT infrastructure management software.

Tracked as CVE-2025-37164 (CVSS score of 10), the security defect can be exploited without authentication, the company notes in a barebones advisory.

HPE makes no mention of the flaw being exploited in the wild, but urges customers to update to a fixed release as soon as possible.

According to HPE, the issue impacts all OneView releases up to version 10.20. The company has released hotfixes for OneView users and recommends updating 6.60.xx iterations to version 7.00 prior to applying the patch. HPE Synergy Composer reimages should also be updated.

The HPE OneView virtual appliance security hotfixes are available on this page, while the HPE Synergy CVE security hotfix can be found here.

HPE refrained from releasing technical details on the weakness but credited Nguyen Quoc Khanh for reporting it.

This week, HPE also rolled out fixes for three vulnerabilities in dependencies used in the Telco Service Activator service provisioning and activation software platform.

Tracked as CVE-2025-49146, CVE-2025-55163, and CVE-2025-7962, the issues impact the open source PostgreSQL JDBC driver PgJDBC, the Netty network application framework, and Jakarta Mail.

Successful exploitation of the bugs, the company says, could lead to authentication bypass, denial-of-service (DoS), and Carriage Return Line Feed (CRLF) injection.

All HPE Telco Service Activator versions up to 10.3.2 are affected. Patches for the three security defects were included in version 10.3.3 of the platform.

None of these vulnerabilities appears to have been exploited in attacks targeting HPE Telco Service Activator users.
