CISA tags max severity HPE OneView flaw as actively exploited

By Sergiu Gatlan
Publication Date: 2026-01-08 07:45:00

The US Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks.

HPE OneView Infrastructure Management Software helps IT administrators automate the management of storage, servers, and network devices from a centralized interface.

Tracked as CVE-2025-37164, this critical security flaw was reported by Vietnamese security researcher Nguyen Quoc Khanh (brocked200) to HPE, which released security patches in mid-December.

CVE-2025-37164 affects all versions of OneView released before v11.00 and can be exploited by unauthenticated threat actors in low-complexity code injection attacks to gain remote code execution on unpatched systems.

“A potential security vulnerability has been identified in Hewlett Packard Enterprise OneView software. This vulnerability could be exploited, allowing an unauthenticated remote user to perform remote code execution,” HPE warned in December…