By Dark Reading
Publication Date: 2026-01-08 22:21:00
A maximum-severity vulnerability in OneView, HPE’s software-defined management platform, has come under attack, according to the Cybersecurity and Infrastructure Security Agency (CISA).
CVE-2025-37164, which received a CVSS score of 10, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on Wednesday. The remote code execution (RCE) flaw was first disclosed by HPE on December 17, and a hotfix was released for all versions of the IT infrastructure management software from 5.20 to 10.20.
At the time of disclosure, experts warned that CVE-2025-37164 required immediate action because OneView operates in a privileged control plane within customer networks. OneView provides administrator-level control over servers, storage systems, network devices, firmware, and other assets within an enterprise environment.
“The reason this vulnerability has been assigned a maximum severity is because of what the software actually does,” Douglas McKee, director of vulnerability intelligence…