VMVirtualMachine.com

HPE OneView flaw now actively exploited, CISA warns

By Erik van Klinken
Publication Date: 2026-01-08 10:49:00

Update January 8, 2026: US security authority CISA warns that the HPE OneView vulnerability CVE-2025-37164 is being actively exploited. Therefore, patching is not only good advice, but also a requirement to remain secure against ongoing attacks. Those who have not yet applied patches should also check to see if attackers have already gained access and moved laterally through the corporate network. If so, there may be backdoors that even survive a OneView patch.

Original message, December 19, 2025:

Hewlett Packard Enterprise has fixed a critical vulnerability in OneView software that allows remote code execution. The bug received the maximum CVSS score of 10.0 and is now fixed in version 11.00.

HPE announced in a security notice that the vulnerability, numbered CVE-2025-37164, is extremely dangerous. An unauthenticated attacker could remotely execute code by exploiting this flaw. OneView is an IT infrastructure management…
