HPE Patches Critical Flaw in IT Infrastructure Management Software

HPE Patches Critical Flaw in IT Infrastructure Management Software

Posted on By CWS

Hewlett Packard Enterprise (HPE) this week introduced patches for a critical-severity distant code execution vulnerability in its OneView IT infrastructure administration software program.

Tracked as CVE-2025-37164 (CVSS rating of 10), the safety defect could be exploited with out authentication, the corporate notes in a barebones advisory.

HPE makes no point out of the flaw being exploited within the wild, however urges prospects to replace to a set launch as quickly as potential.

In response to HPE, the difficulty impacts all OneView releases as much as model 10.20. The corporate has launched hotfixes for OneView customers and recommends updating 6.60.xx iterations to model 7.00 previous to making use of the patch. HPE Synergy Composer reimages also needs to be up to date.

The HPE OneView digital equipment safety hotfixes can be found on this web page, whereas the HPE Synergy CVE safety hotfix could be discovered right here.

HPE shunned releasing technical particulars on the weak spot however credited Nguyen Quoc Khanh for reporting it.

This week, HPE additionally rolled out fixes for 3 vulnerabilities in dependencies used within the Telco Service Activator service provisioning and activation software program platform.

Tracked as CVE-2025-49146, CVE-2025-55163, and CVE-2025-7962, the problems impression the open supply PostgreSQL JDBC driver PgJDBC, the Netty community utility framework, and Jakarta Mail.Commercial. Scroll to proceed studying.

Profitable exploitation of the bugs, the corporate says, may result in authentication bypass, denial-of-service (DoS), and Carriage Return Line Feed (CRLF) injection.

All HPE Telco Service Activator variations as much as 10.3.2 are affected. Patches for the three safety defects had been included in model 10.3.3 of the platform.

Neither of those vulnerabilities seems to have been exploited in assaults concentrating on HPE Telco Service Activator customers.

Associated: CISA Warns of Exploited Flaw in Asus Replace Software

Associated: SonicWall Patches Exploited SMA 1000 Zero-Day

Associated: JumpCloud Distant Help Vulnerability Can Expose Methods to Takeover

Associated: Atlassian Patches Crucial Apache Tika Flaw

Security Week News Tags:, , , , , ,

Related Posts

Reclaim Security Secures M to Enhance Remediation Tech Reclaim Security Secures $20M to Enhance Remediation Tech Security Week News
Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability Evidence Suggests Exploitation of CitrixBleed 2 Vulnerability Security Week News
Varonis Acquires Email Security Firm SlashNext Varonis Acquires Email Security Firm SlashNext Security Week News
American Airlines Subsidiary Envoy Air Hit by Oracle Hack American Airlines Subsidiary Envoy Air Hit by Oracle Hack Security Week News
Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks Vulnerability in Dolby Decoder Can Allow Zero-Click Attacks Security Week News
Cybersecurity Firms Secured Billion in Funding in 2025: Analysis Cybersecurity Firms Secured $14 Billion in Funding in 2025: Analysis Security Week News