HPE OneView Software Vulnerability Allows Remote Code Execution

Hewlett Packard Enterprise has released a critical security bulletin addressing a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication.

The vulnerability, tracked as CVE-2025-37164, affects all versions of HPE OneView before version 11.00 and poses an immediate risk to enterprise infrastructure management systems.

The flaw exists in the HPE OneView application framework and can be exploited by unauthenticated remote users to gain complete control over affected systems.

The vulnerability carries a maximum CVSS severity score of 10.0, indicating critical risk with no authentication requirements and network-accessible attack vectors.

HPE acknowledges the security researcher Brock200 (Nguyen Quoc Khanh) for discovering and responsibly reporting this vulnerability.

HPE has released comprehensive patches to resolve the security issue. Organizations running HPE OneView version 11.00 or later are protected against this vulnerability.

For users on earlier versions between 5.20 and 10.20, HPE provides security hotfixes available through their software center and support portals.

The fixes include both virtual appliance security hotfixes and HPE Synergy Composer security patches tailored for different deployment scenarios.

Enterprise customers should prioritize updating to the patched versions immediately, particularly those with public-facing OneView instances or multi-tenant environments.

Organizations unable to upgrade immediately must implement the security hotfixes and apply appropriate network segmentation to minimize exposure.

Security teams should review their OneView deployments and initiate patch management workflows without delay.

Vulnerability details:

CVE Identifier: CVE-2025-37164
Bulletin ID: HPESBGN04985 rev.1
Attack Vector: Network (AV:N)
Authentication Required: None (PR:N)
Attack Complexity: Low (AC:L)
User Interaction: Not Required (UI:N)
Impact Scope: Changed (S:C)
Confidentiality Impact: High (C:H)
Integrity Impact: High (I:H)
Availability Impact: High (A:H)
CVSS v3.1 Score: 10.0 (Critical)
Affected Versions: All versions prior to v11.00
Fixed Version: v11.00 and later
Release Date: December 16, 2025
Reporter: brocked200 (Nguyen Quoc Khanh)

The bulletin recommends that all users determine the applicability of this information to their infrastructure and take appropriate patching actions.

HPE provides security hotfixes for OneView versions 5.20 through 10.20 via their enterprise license portal and official support channels.


The post HPE OneView Software Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.