HPE OneView Software Vulnerability Let Attackers Execute Remote Code

HPE has issued a critical security alert warning customers about a severe vulnerability in HPE OneView Software that could allow remote attackers to execute arbitrary code without authentication.

The flaw, tracked as CVE-2025-37164, carries a CVSS severity score of 10.0, indicating maximum critical risk.

| Attribute | Details |
|---|---|
| CVE ID | CVE-2025-37164 |
| Product | HPE OneView Software |
| Vulnerability Type | Remote Code Execution |
| CVSS Score | 10.0 (Critical) |
| CVSS Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
| Attack Vector | Network |

HPE OneView Flaw Enables Remote Code Execution

The vulnerability affects HPE OneView Software in all versions before v11.00. Unauthenticated remote attackers could exploit it to achieve remote code execution.

The attack requires no user interaction or special access privileges, making it immediately exploitable over the network. The vulnerability impacts the confidentiality, integrity, and availability of affected systems.

According to HPE’s security bulletin HPESBGN04985, the flaw was responsibly disclosed by security researcher brocked200 (Nguyen Quoc Khanh) on December 16, 2025.

The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H indicates the vulnerability is exploitable over the network without any required authentication or user interaction.

The low attack complexity means attackers can reliably execute the exploit with straightforward techniques.

HPE recommends immediate action for all affected customers. The primary solution is to upgrade to HPE OneView v11.00 or later via the My HPE Software Center portal.

Organizations running OneView versions 5.20 through 10.20 can apply a dedicated security hotfix available from HPE’s support channels.

The security hotfix must be reapplied after upgrading from HPE OneView 6.60.xx to 7.00.00, including HPE Synergy Composer reimage operations.

Security administrators managing HPE OneView deployments should prioritize patching these systems, given the critical severity and ease of exploitation.

HPE recommends reviewing system management and security procedures regularly to maintain system integrity.

Organizations unable to immediately patch should implement network segmentation to restrict access to HPE OneView systems and monitor for suspicious activity.

For technical implementation questions, HPE customers should contact their normal HPE Services support channel.

HPE continues to monitor and enhance security features across its software portfolio to provide customers with current, secure solutions against emerging threats.

The post HPE OneView Software Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.
