By rssfeeds-admin .webp?ssl=1 "PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution")
The flaw, tracked as CVE-2025-37164, carries a maximum CVSS score of 10.0, indicating immediate danger to enterprise environments.
The vulnerability allows remote attackers to execute malicious code on affected systems without needing a password or any form of authentication.
A valid Metasploit module has already been published, making it easy for threat actors to weaponize this flaw.
| Feature | Details |
|---|---|
| CVE ID | CVE-2025-37164 |
| Severity | Critical (CVSS 10.0) |
| Vendor | Hewlett Packard Enterprise (HPE) |
| Affected Product | HPE OneView (Versions < 11.0) |
| Vulnerability Type | Remote Code Execution (RCE) |
| Exploit Status | PoC & Metasploit Module Available |
Technical Breakdown
The issue lies within the ID-Pools REST API endpoint of the HPE OneView software.
Specifically, the vulnerability exists in how the application handles the executeCommand parameter. The code explicitly marks the authentication header as “not required.”
This oversight allows an attacker to send a simple JSON command, such as opening a reverse shell, which the server then executes with high privileges.
While HPE’s advisory states that all versions before 11.0 are affected.
According to Rapid7’s analysis, the application accepts user input via a specific API request (PUT /rest/id-pools/executeCommand). However, it fails to verify whether the user is authorized.
Researchers found that the vulnerable “id-pools” feature is primarily active in HPE OneView for HPE Synergy and specific versions of HPE OneView for VMs (Branch 6.x).
HPE has released a hotfix that patches the flaw by blocking access to the vulnerable URL path.
Given the release of public exploit code and the high privileges associated with OneView management consoles, administrators are urged to patch immediately.
Verify your OneView version immediately and apply the vendor-supplied hotfix to prevent unauthorized access to your physical and virtual infrastructure.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post PoC Exploit Released HPE OneView Vulnerability that Enables Remote Code Execution appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.