The vulnerability, tracked as CVE-2025-37164, affects all versions of HPE OneView before version 11.00 and poses an immediate risk to enterprise infrastructure management systems.
The flaw exists in the HPE OneView application framework and can be exploited by unauthenticated remote users to gain complete control over affected systems.
The vulnerability carries the maximum CVSS severity score of 10.0 (Critical): it is reachable over the network and requires no authentication.
HPE acknowledges the security researcher Brock200 (Nguyen Quoc Khanh) for discovering and responsibly reporting this vulnerability.
HPE has released comprehensive patches to resolve the security issue. Organizations running HPE OneView version 11.00 or later are protected against this vulnerability.
For users on earlier versions between 5.20 and 10.20, HPE provides security hotfixes available through their software center and support portals.
The fixes include both virtual appliance security hotfixes and HPE Synergy Composer security patches tailored for different deployment scenarios.
Enterprise customers should prioritize updating to the patched versions immediately, particularly those with public-facing OneView instances or multi-tenant environments.
Organizations unable to upgrade immediately must implement the security hotfixes and apply appropriate network segmentation to minimize exposure.
Security teams should review their OneView deployments and initiate patch management workflows without delay.

| Vulnerability Detail | Information |
|---|---|
| CVE Identifier | CVE-2025-37164 |
| Bulletin ID | HPESBGN04985 rev.1 |
| Attack Vector | Network (AV:N) |
| Authentication Required | None (PR:N) |
| Attack Complexity | Low (AC:L) |
| User Interaction | Not Required (UI:N) |
| Impact Scope | Changed (S:C) |
| Confidentiality Impact | High (C:H) |
| Integrity Impact | High (I:H) |
| Availability Impact | High (A:H) |
| CVSS v3.1 Score | 10.0 (Critical) |
| Affected Versions | All versions prior to v11.00 |
| Fixed Version | v11.00 and later |
| Release Date | December 16, 2025 |
| Reporter | brocked200 (Nguyen Quoc Khanh) |

The bulletin recommends that all users determine the applicability of this information to their infrastructure and take appropriate patching actions.
HPE provides security hotfixes for OneView versions 5.20 through 10.20 via their enterprise license portal and official support channels.
The post HPE OneView Software Vulnerability Allows Remote Code Execution appeared first on Cyber Security News.