HPE Insight Remote Support Vulnerability Let Attackers Execute Remote Code

Multiple severe security vulnerabilities in HPE Insight Remote Support (IRS) platform that could allow attackers to execute remote code, traverse directories, and access sensitive information. 

The vulnerabilities affect versions prior to 7.15.0.646 and pose significant risks to enterprise infrastructure management systems.

Critical HPE IRS Remote Execution Vulnerability 

This critical vulnerability CVE-2025-37099 scored 9.8 on the CVSS v3.1 scale uses the vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network-based exploitation requiring no privileges or user interaction. 

Attackers can exploit this flaw to execute arbitrary commands on unpatched IRS installations, potentially compromising entire enterprise monitoring systems.

The vulnerability stems from improper input validation in IRS’s data processing routines, allowing malicious payloads to bypass security checks. Successful exploitation enables attackers to:

• Deploy ransomware or cryptominers across connected systems.
• Manipulate monitoring data to hide malicious activities.
• Establish persistent backdoors for lateral movement within networks.

HPE confirms this vulnerability was reported through Trend Micro’s Zero Day Initiative , highlighting its appeal to advanced threat actors.

Medium-Severity HPE IRS Flaws

CVE-2025-37097 is a Directory Traversal flaw (CVSS 7.5) that enables attackers to access files outside the IRS’s restricted directories. While rated 7.5, it serves as a critical enabler for follow-on attacks by exposing:

• Configuration files containing credentials for connected devices.
• TLS certificates are used for secure communications.
• System logs reveal network architecture details.

CVE-2025-37098 is a Privileged Information Disclosure (CVSS 6.5). This medium-severity vulnerability allows authenticated users with low privileges to access sensitive system information. The flaw exposes:

• API keys for integrated HPE OneView systems.
• Hardware inventory details of managed servers.
• Firmware versions of connected storage arrays.

While requiring valid credentials, this vulnerability becomes particularly dangerous in compromised environments where attackers have obtained basic access through phishing or credential-stuffing attacks.

CVEs	Affected Products	Impact	Exploit Prerequisites	CVSS 3.1 Score
CVE-2025-37099	HPE Insight Remote Support <7.15.0.646	Remote Code Execution (RCE)	Network access; No authentication	9.8 (Critical)
CVE-2025-37097	HPE Insight Remote Support <7.15.0.646	Directory Traversal	Network access; No authentication	7.5 (High)
CVE-2025-37098	HPE Insight Remote Support <7.15.0.646	Information Disclosure	Network access; Low privileges	6.5 (Medium)

Remediation

HPE has released Insight Remote Support version 7.15.0.646 to address all identified vulnerabilities. 

The company strongly recommends an immediate upgrade to this version or later releases to mitigate security risks. Organizations should prioritize patching efforts based on the critical CVSS 9.8 rating of CVE-2025-37099.

The embedded software management capability provides automated patch deployment through Administrator Settings > Software Updates. 

HPE recommends enabling the “Automatically Download and Install” option from the Automatic Update Level dropdown to ensure continuous security updates.

System administrators should implement additional security measures, including network segmentation, access controls, and monitoring for suspicious activities targeting HPE Insight Remote Support installations. 

Regular security assessments and adherence to patch management policies remain essential for maintaining secure enterprise environments.

Speed up and enrich threat investigations with Threat Intelligence Lookup! -> 50 trial search requests

The post HPE Insight Remote Support Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.