HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Published: 18 December 2025 at 14:39:00

Alert date: 18 December 2025 at 17:01:35

Source: thehackernews.com


Enterprise Applications, Zero-Day Vulnerabilities, Critical Infrastructure

Hewlett Packard Enterprise (HPE) has resolved a critical security vulnerability in OneView Software with a maximum CVSS score of 10.0. The vulnerability, tracked as CVE-2025-37164, allows unauthenticated remote code execution if successfully exploited. HPE OneView is IT infrastructure management software that streamlines IT operations and controls all systems. The critical nature of this flaw and its potential for remote code execution without authentication make it a high-priority security concern for organizations using HPE OneView.

Technical details

CVE-2025-37164, a critical vulnerability with a CVSS score of 10.0 in HPE OneView Software, allows remote unauthenticated users to perform remote code execution. The vulnerability affects all versions prior to version 11.00. HPE OneView is IT infrastructure management software that streamlines IT operations and controls all systems via a centralized dashboard interface.

Mitigation steps:

Apply patches immediately. Upgrade to HPE OneView version 11.00, or apply the available hotfix for versions 5.20 through 10.20. Note that the hotfix must be reapplied after upgrading from version 6.60 or later to version 7.00.00, or after any HPE Synergy Composer reimaging operation. Separate hotfixes are available for the OneView virtual appliance and Synergy Composer2.

Affected products:

HPE OneView Software - all versions prior to version 11.00
HPE OneView versions 5.20 through 10.20 (hotfix available)
HPE OneView virtual appliance
HPE Synergy Composer2
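
The version rules from the mitigation steps and the affected-products list, written as a triage check over an appliance inventory. This is an added example, not HPE or Perceptive code; the inventory records, field names and version strings are constructed, and matching the hotfix range on major.minor only is an assumption.

```python
from dataclasses import dataclass
from typing import Optional

FIXED = (11, 0)                              # advisory: fixed in version 11.00
HOTFIX_MIN, HOTFIX_MAX = (5, 20), (10, 20)   # advisory: hotfix for 5.20 through 10.20

def parse(version: str) -> tuple:
    """'7.00.00' -> (7, 0, 0); a two-part version is padded with a zero."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

@dataclass
class Appliance:                             # hypothetical inventory record
    name: str
    version: str                             # version currently running
    hotfix_on: Optional[str] = None          # version the hotfix was installed on
    reimaged_since_hotfix: bool = False      # Synergy Composer reimaged afterwards

def triage(a: Appliance) -> str:
    cur = parse(a.version)
    if cur[:2] >= FIXED:
        return "fixed"
    if not (HOTFIX_MIN <= cur[:2] <= HOTFIX_MAX):
        return "upgrade"                     # affected, no hotfix listed for this version
    if a.hotfix_on is None:
        return "hotfix-or-upgrade"
    if a.reimaged_since_hotfix:
        return "reapply-hotfix"              # reimaging requires reapplying the hotfix
    applied = parse(a.hotfix_on)
    # Only the upgrade path the advisory names is encoded: 6.60 or later -> 7.00.00.
    if applied[:2] >= (6, 60) and applied < cur and cur == (7, 0, 0):
        return "reapply-hotfix"
    return "hotfixed"

# Constructed sample inventory, not real appliance data.
INVENTORY = [
    Appliance("ov-lab", "11.00"),
    Appliance("ov-legacy", "4.10.02"),
    Appliance("ov-prod", "8.30.01"),
    Appliance("ov-dr", "7.00.00", hotfix_on="6.60.01"),
    Appliance("composer-1", "9.10", hotfix_on="9.10", reimaged_since_hotfix=True),
    Appliance("ov-edge", "10.20.00", hotfix_on="10.20.00"),
]

if __name__ == "__main__":
    for appliance in INVENTORY:
        print(f"{appliance.name:12} {appliance.version:10} {triage(appliance)}")
```
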

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.
