By Deeba Ahmed
Publication Date: 2026-01-10 13:45:00
If your office uses Hewlett Packard Company (HPE) OneView to manage your servers and networks, you should check your software version immediately. A major security flaw has been discovered that allows hackers to take control of systems without needing a username or password.
The situation is serious enough that the US government has intervened and given agencies a strict deadline to update their systems by the end of the month. It has officially added this issue to its Known Exploited Vulnerabilities (KEV) catalog. As we know, when CISA includes a flaw on this list, it is a signal for everyone to act immediately.
The problem: an open door
The flaw was discovered and reported to HPE by Vietnamese security expert Nguyen Quoc Khanh. It is tracked as CVE-2025-37164 and was assigned a perfect CVSS score of 10.0, the highest severity rating possible. It’s basically a code injection problem. Simply put, this means that a hacker can trick software into running their…